FileZilla更新到3.57.0后,由于禁止了TLS1.2以下的SSL加密,导致很多人无法登录FTP,提示
错误: GnuTLS 错误 -8: A packet with illegal or unsupported version was received. Error: GnuTLS error -8: A packet with illegal or unsupported version was received. 状态: 尝试连接“ECONNABORTED - 连接中止”失败。 Status: Connection attempt failed with "ECONNABORTED - Connection aborted".
FileZilla官方回复
https://forum.filezilla-project.org/viewtopic.php?f=2&t=54358
我的服务端是Serv-U搭建的,还是很老的 11 版本,查看最新版已经更新到 15 了,而且找了一遍也没有找可以设置TLS版本的地方。
于是有了升级新版的念头。
找了一个15.2.0版本的Serv-U覆盖安装,一切顺利,启动后原来的用户都还在。
顺便讲一下如果是迁移,可以先安装,建好和原来一样的域,把系统盘的
C:\ProgramData\RhinoSoft.com\Serv-U\Users
文件还原回去就可以,当然你可以用Serv-U自带的用户导入导出功能。
更新好后遇到一个问题,原来的用户登录提示密码过期,请修改密码。
响应: 530 PASSWORD EXPIRED - please change password before proceeding. 530 PASSWORD EXPIRED - please change password before proceeding.
测试修改密码后登录正常。
但是如果把所有用户密码都重新修改一遍,还有很大账户是内置在其他系统里面,更换密码需要更新程序,这是一个庞大的工程。
查看Serv-U官方解释是他们从15.2开始更新了用户密码保存的加密算法,不再兼容老版本用户的加密的密码。
Serv-U version 15.2 will be using a stronger encryption for the user password. This will affect the Domain and Database users. Windows Authentication and LDAP Authentication accounts will use the same password. After upgrading to version 15.2, Serv-U will treat all Domain and Database user passwords as expired. This will cause the accounts to fail the authentication process. Once the password is changed, it will now be encrypted using a stronger hashing algorithm. Here are the suggested Resolution: 1. Update and change the user account password through the Management Console - Launch the Serv-U Management Console - Go to Domains > Users > Domain Users or Database Users tab - Edit each account and manually set the password (this can be the same password as the old one) 2. End-users will have the ability to change their password if they are connecting to ServU through Web Client. Once they enter their credentials, they will be prompted to enter their old and new password. The need to use a different password. FTP and SFTP connections will not have the option to change passwords.
这一改动官方论坛出现了很大的反对意见,因为很多人应该和我一样,需要更新的密码太多了不想动。
https://thwack.solarwinds.com/product-forums/serv-u-ftp-mft/f/forum/22681/beware-of-v15-2—password-expiry-bug
https://thwack.solarwinds.com/product-forums/serv-u-ftp-mft/f/forum/22779/serv-u-15-2-forced-password-change-for-all-accounts—entirely-unworkable-in-production
最后官方说在15.2.1将修复这个问题,重新下载15.2.1,测试已经可以正常登录。