Hi,

I'm experiencing an issue similar to the one described in the e-mail below:

https://www.mail-archive.com/lftp@uniyar.ac.ru/msg04733.html

WinSCP seems to work as expected. However, I'm trying to upload a file via
FTP with explicit TLS to a vsftpd server. There is a problem with the lftp
client when trying to reconnect after or during uploading of a 36MiB file.
I experience the same issue with the curl and wput utilities.

Below is what we see in the server log:

Fri Feb 12 13:30:24 2021 [pid 28356] [user] DEBUG: Client "192.168.0.100", "SSL version: TLSv1.2, SSL cipher: ECDHE-RSA-AES256-GCM-SHA384, reused, no cert"
Fri Feb 12 13:30:34 2021 [pid 28356] [user] DEBUG: Client "192.168.0.100", "DATA connection terminated without SSL shutdown. Buggy client! Integrity of upload cannot be asserted."
Fri Feb 12 13:30:34 2021 [pid 28356] [user] DEBUG: Client "192.168.0.100", "SSL shutdown state is: NONE"
Fri Feb 12 13:30:34 2021 [pid 28356] [user] DEBUG: Client "192.168.0.100", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
Fri Feb 12 13:30:34 2021 [pid 28356] [user] DEBUG: Client "192.168.0.100", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
Fri Feb 12 13:30:34 2021 [pid 28356] [user] DEBUG: Client "192.168.0.100", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
Fri Feb 12 13:30:34 2021 [pid 28356] [user] DEBUG: Client "192.168.0.100", "SSL ret: 18446744073709551615, SSL error: error:00000000:lib(0):func(0):reason(0), errno: 0"
Fri Feb 12 13:30:34 2021 [pid 28357] [user] FTP response: Client "192.168.0.100", "426 Failure reading network stream."
Fri Feb 12 13:30:34 2021 [pid 28357] [user] FAIL UPLOAD: Client "192.168.0.100", "/test/testfile.test", 37748736 bytes, 3774.57Kbyte/sec
Fri Feb 12 13:30:34 2021 [pid 28357] [user] FTP command: Client "192.168.0.100", "QUIT"
Fri Feb 12 13:30:34 2021 [pid 28357] [user] FTP response: Client "192.168.0.100", "221 Goodbye."

lftp: version 4.8.4
vsftpd: version 3.0.3

In our vsftpd.conf, we do not have the following options set:

       strict_ssl_read_eof
              If enabled, SSL data uploads are required to terminate via SSL, not an EOF on the socket. This option is required to be sure that an attacker did not terminate an upload prematurely with a faked TCP FIN. Unfortunately, it is not enabled by default because so few clients get it right. (New in v2.0.7).

              Default: NO

       strict_ssl_write_shutdown
              If enabled, SSL data downloads are required to terminate via SSL, not an EOF on the socket. This is off by default as I was unable to find a single FTP client that does this. It is minor. All it affects is our ability to tell whether the client confirmed full receipt of the file. Even without this option, the client is able to check the integrity of the download. (New in v2.0.7).

              Default: NO

Regards,
Theunis
_______________________________________________
lftp mailing list
lftp@uniyar.ac.ru
http://univ.uniyar.ac.ru/mailman/listinfo/lftp
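
Added example (not part of the original message, and not lftp or vsftpd code): a Python log triage that pairs vsftpd's "terminated without SSL shutdown" entries with the upload result logged for the same client, so transfers whose end-of-data was not confirmed over TLS can be listed for re-verification. The regular expressions assume the log layout quoted in the message; the second client and its OK UPLOAD entry are constructed sample data.

```python
import re
from datetime import datetime

# Constructed sample: three entries from the log above, unwrapped to one per
# line, plus a constructed clean upload from a second client for contrast.
SAMPLE_LOG = """\
Fri Feb 12 13:30:34 2021 [pid 28356] [user] DEBUG: Client "192.168.0.100", "DATA connection terminated without SSL shutdown. Buggy client! Integrity of upload cannot be asserted."
Fri Feb 12 13:30:34 2021 [pid 28357] [user] FTP response: Client "192.168.0.100", "426 Failure reading network stream."
Fri Feb 12 13:30:34 2021 [pid 28357] [user] FAIL UPLOAD: Client "192.168.0.100", "/test/testfile.test", 37748736 bytes, 3774.57Kbyte/sec
Fri Feb 12 13:31:02 2021 [pid 28401] [user] OK UPLOAD: Client "192.168.0.101", "/test/other.test", 1024 bytes, 10.00Kbyte/sec
"""

LINE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<kind>[A-Za-z ]+?): Client "(?P<client>[^"]+)", '
    r'(?P<rest>.*)$')
UPLOAD = re.compile(r'^"(?P<path>[^"]*)", (?P<size>\d+) bytes')
NO_SHUTDOWN = "DATA connection terminated without SSL shutdown"


def triage(log_text, window_s=5):
    """Return one record per upload result, flagging uploads whose TLS data
    connection ended without an SSL shutdown within window_s seconds before."""
    last_unclean = {}  # (client, user) -> time of the last missing-shutdown event
    results = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        # The DEBUG and FAIL UPLOAD entries above carry different pids
        # (28356 and 28357), so correlate on client and user, not on pid.
        key = (m["client"], m["user"])
        if m["kind"] == "DEBUG" and NO_SHUTDOWN in m["rest"]:
            last_unclean[key] = ts
        elif m["kind"] in ("OK UPLOAD", "FAIL UPLOAD"):
            u = UPLOAD.match(m["rest"])
            seen = last_unclean.pop(key, None)
            results.append({
                "client": m["client"], "status": m["kind"],
                "path": u["path"] if u else None,
                "bytes": int(u["size"]) if u else None,
                "no_tls_shutdown": seen is not None
                and (ts - seen).total_seconds() <= window_s,
            })
    return results


if __name__ == "__main__":
    for record in triage(SAMPLE_LOG):
        print(record)
```

The `window_s` correlation window is an assumption to tune against real logs; a busy client with parallel transfers needs a tighter key than client and user.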