Oracle Linux: FTPS is Failing "gnutls_handshake: Error in the pull function" "An unexpected TLS packet was received."
(Doc ID 2681526.1)
Last updated on JULY 01, 2020
Applies to:
Linux OS - Version Oracle Linux 7.6 and laterLinux x86-64
Symptoms
When trying to connect to ftp server over ssl, authentication is successful. But when try to retrieve any data, it fails. Look at the end below command output for the error.
#lftp -d -u <username> -e 'debug 13 set ftp:ssl-force true' ftp_server:21 Password: lftp username@ftp_server:~> ls -ld <<<<<===== command to list the files in the ftp directory FileCopy(0xc37c80) enters state INITIAL FileCopy(0xc37c80) enters state DO_COPY ---- dns cache hit ---- attempt number 0 ---- attempt number 1 ---- Connecting to ftp_server (192.x.x.x) port 21 <--- 220 (vsFTPd 3.0.2) ---> FEAT <--- 211-Features: <--- AUTH SSL <--- AUTH TLS <--- EPRT <--- EPSV <--- MDTM <--- PASV <--- PBSZ <--- PROT <--- REST STREAM <--- SIZE <--- TVFS <--- UTF8 <--- 211 End ---> AUTH TLS <--- 234 Proceed with negotiation. ---> OPTS UTF8 ON GNUTLS: HSK[0x1131870]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_GCM_SHA256 (C0.2B) GNUTLS: HSK[0x1131870]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_GCM_SHA384 (C0.2C) GNUTLS: HSK[0x1131870]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 (C0.86) GNUTLS: HSK[0x1131870]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 (C0.87) GNUTLS: HSK[0x1131870]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09) GNUTLS: HSK[0x1131870]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 (00.13) GNUTLS: HSK[0x1131870]: Keeping ciphersuite: DHE_DSS_ARCFOUR_128_SHA1 (00.66) GNUTLS: EXT[0x1131870]: Sending extension STATUS REQUEST (5 bytes) GNUTLS: EXT[0x1131870]: Sending extension SERVER NAME (26 bytes) GNUTLS: EXT[0x1131870]: Sending extension SAFE RENEGOTIATION (1 bytes) GNUTLS: EXT[0x1131870]: Sending extension SESSION TICKET (0 bytes) GNUTLS: EXT[0x1131870]: Sending extension SUPPORTED ECC (8 bytes) GNUTLS: EXT[0x1131870]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes) GNUTLS: EXT[0x1131870]: sent signature algo (4.1) RSA-SHA256 GNUTLS: EXT[0x1131870]: sent signature algo (4.2) DSA-SHA256 GNUTLS: EXT[0x1131870]: sent signature algo (4.3) ECDSA-SHA256 GNUTLS: EXT[0x1131870]: sent signature algo (5.1) RSA-SHA384 GNUTLS: EXT[0x1131870]: sent signature algo (5.3) ECDSA-SHA384 GNUTLS: EXT[0x1131870]: sent signature algo (6.1) RSA-SHA512 GNUTLS: EXT[0x1131870]: sent signature algo (6.3) ECDSA-SHA512 GNUTLS: EXT[0x1131870]: sent signature algo (3.1) RSA-SHA224 GNUTLS: EXT[0x1131870]: sent signature algo (3.2) DSA-SHA224 GNUTLS: EXT[0x1131870]: sent signature algo (3.3) ECDSA-SHA224 GNUTLS: EXT[0x1131870]: sent signature algo (2.1) RSA-SHA1 GNUTLS: EXT[0x1131870]: sent signature algo (2.2) DSA-SHA1 GNUTLS: EXT[0x1131870]: sent signature algo (2.3) ECDSA-SHA1 GNUTLS: EXT[0x1131870]: Sending extension SIGNATURE ALGORITHMS (28 bytes) GNUTLS: HSK[0x1131870]: CLIENT HELLO was queued [267 bytes] GNUTLS: HSK[0x1131870]: SERVER HELLO (2) was received. Length 57[57], frag offset 0, frag length: 57, sequence: 0 GNUTLS: HSK[0x1131870]: Server's version: 3.3 GNUTLS: HSK[0x1131870]: SessionID length: 0 GNUTLS: HSK[0x1131870]: SessionID: c0 GNUTLS: HSK[0x1131870]: Selected cipher suite: ECDHE_RSA_AES_128_GCM_SHA256 GNUTLS: HSK[0x1131870]: Selected compression method: NULL (0) GNUTLS: EXT[0x1131870]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes) GNUTLS: EXT[0x1131870]: Parsing extension 'SUPPORTED ECC POINT FORMATS/11' (4 bytes) GNUTLS: EXT[0x1131870]: Parsing extension 'SESSION TICKET/35' (0 bytes) GNUTLS: HSK[0x1131870]: Safe renegotiation succeeded GNUTLS: HSK[0x1131870]: CERTIFICATE (11) was received. Length 2897[2897], frag offset 0, frag length: 2897, sequence: 0 GNUTLS: HSK[0x1131870]: SERVER KEY EXCHANGE (12) was received. Length 329[329], frag offset 0, frag length: 329, sequence: 0 GNUTLS: HSK[0x1131870]: Selected ECC curve SECP256R1 (2) GNUTLS: HSK[0x1131870]: verify handshake data: using RSA-SHA256 GNUTLS: HSK[0x1131870]: CERTIFICATE REQUEST (13) was received. Length 38[42], frag offset 0, frag length: 38, sequence: 0 GNUTLS: EXT[0x1131870]: rcvd signature algo (6.1) RSA-SHA512 GNUTLS: EXT[0x1131870]: rcvd signature algo (6.2) DSA-SHA512 GNUTLS: EXT[0x1131870]: rcvd signature algo (6.3) ECDSA-SHA512 GNUTLS: EXT[0x1131870]: rcvd signature algo (5.1) RSA-SHA384 GNUTLS: EXT[0x1131870]: rcvd signature algo (5.2) DSA-SHA384 GNUTLS: EXT[0x1131870]: rcvd signature algo (5.3) ECDSA-SHA384 GNUTLS: EXT[0x1131870]: rcvd signature algo (4.1) RSA-SHA256 GNUTLS: EXT[0x1131870]: rcvd signature algo (4.2) DSA-SHA256 GNUTLS: EXT[0x1131870]: rcvd signature algo (4.3) ECDSA-SHA256 GNUTLS: EXT[0x1131870]: rcvd signature algo (3.1) RSA-SHA224 GNUTLS: EXT[0x1131870]: rcvd signature algo (3.2) DSA-SHA224 GNUTLS: EXT[0x1131870]: rcvd signature algo (3.3) ECDSA-SHA224 GNUTLS: EXT[0x1131870]: rcvd signature algo (2.1) RSA-SHA1 GNUTLS: EXT[0x1131870]: rcvd signature algo (2.2) DSA-SHA1 GNUTLS: EXT[0x1131870]: rcvd signature algo (2.3) ECDSA-SHA1 GNUTLS: HSK[0x1131870]: SERVER HELLO DONE (14) was received. Length 0[0], frag offset 0, frag length: 1, sequence: 0 GNUTLS: HSK[0x1131870]: CERTIFICATE was queued [7 bytes] GNUTLS: HSK[0x1131870]: CLIENT KEY EXCHANGE was queued [70 bytes] GNUTLS: REC[0x1131870]: Sent ChangeCipherSpec GNUTLS: HSK[0x1131870]: Cipher Suite: ECDHE_RSA_AES_128_GCM_SHA256 GNUTLS: HSK[0x1131870]: Initializing internal [write] cipher sessions GNUTLS: HSK[0x1131870]: recording tls-unique CB (send) GNUTLS: HSK[0x1131870]: FINISHED was queued [16 bytes] GNUTLS: HSK[0x1131870]: NEW SESSION TICKET (4) was received. Length 198[198], frag offset 0, frag length: 198, sequence: 0 GNUTLS: HSK[0x1131870]: Cipher Suite: ECDHE_RSA_AES_128_GCM_SHA256 GNUTLS: HSK[0x1131870]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0 Certificate: C=US,ST=California,L=San Jose,O=test Inc,OU=IT,CN=ftp_server.test.com Issued by: C=US,O=DigiCert Inc,CN=DigiCert SHA2 Secure Server CA Checking against: C=US,O=DigiCert Inc,CN=DigiCert SHA2 Secure Server CA Trusted Certificate: C=US,O=DigiCert Inc,CN=DigiCert SHA2 Secure Server CA Issued by: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert Global Root CA Trusted <--- 200 Always in UTF8 mode. ---> USER san_bkp <--- 331 Please specify the password. ---> PASS XXXX <--- 230 Login successful. ---> PWD <--- 257 "/ftp/private/users/username" ---- attempt number 1 ---> PBSZ 0 <--- 200 PBSZ set to 0. ---> PROT P <--- 200 PROT now Private. ---> PASV <--- 227 Entering Passive Mode (192,x,x,x,66,27). ---- Connecting data socket to (192.x.x.x) port 16923 ---- Data connection established 0:0 translated to pair 0:0 (0,0) 0 translated to pair 0:0 (0,0) ---> LIST -ld <--- 150 Here comes the directory listing. 0:0 translated to pair 0:0 (0,0) 0 translated to pair 0:0 (0,0) GNUTLS: HSK[0xc71ab0]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_GCM_SHA256 (C0.2B) GNUTLS: HSK[0xc71ab0]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_GCM_SHA384 (C0.2C) GNUTLS: HSK[0xc71ab0]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 (C0.86) GNUTLS: HSK[0xc71ab0]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 (C0.87) GNUTLS: EXT[0xc71ab0]: Sending extension SUPPORTED ECC (8 bytes) GNUTLS: EXT[0xc71ab0]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes) GNUTLS: EXT[0xc71ab0]: sent signature algo (4.1) RSA-SHA256 GNUTLS: EXT[0xc71ab0]: sent signature algo (4.2) DSA-SHA256 GNUTLS: EXT[0xc71ab0]: sent signature algo (4.3) ECDSA-SHA256 GNUTLS: EXT[0xc71ab0]: sent signature algo (5.1) RSA-SHA384 GNUTLS: EXT[0xc71ab0]: sent signature algo (5.3) ECDSA-SHA384 GNUTLS: EXT[0xc71ab0]: sent signature algo (6.1) RSA-SHA512 GNUTLS: EXT[0xc71ab0]: sent signature algo (6.3) ECDSA-SHA512 GNUTLS: EXT[0xc71ab0]: sent signature algo (3.1) RSA-SHA224 GNUTLS: EXT[0xc71ab0]: sent signature algo (3.2) DSA-SHA224 GNUTLS: EXT[0xc71ab0]: sent signature algo (3.3) ECDSA-SHA224 GNUTLS: EXT[0xc71ab0]: sent signature algo (2.1) RSA-SHA1 GNUTLS: EXT[0xc71ab0]: sent signature algo (2.2) DSA-SHA1 GNUTLS: EXT[0xc71ab0]: sent signature algo (2.3) ECDSA-SHA1 GNUTLS: EXT[0xc71ab0]: Sending extension SIGNATURE ALGORITHMS (28 bytes) GNUTLS: HSK[0xc71ab0]: CLIENT HELLO was queued [491 bytes] **** gnutls_handshake: Error in the pull function. ---- Closing data socket GNUTLS: Received record packet of unknown type 53 **** gnutls_record_recv: An unexpected TLS packet was received. ---- Closing control socket ls: Fatal error: gnutls_record_recv: An unexpected TLS packet was received.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |