Ubuntu - lftp가 ftps 사이트에 연결하지 못합니다(치명적인 오류: gnutls_handshake: 예기치 않은 TLS 패킷이 수신되었습니다.)

Ubuntu - lftp가 ftps 사이트에 연결하지 못합니다(치명적인 오류: gnutls_handshake: 예기치 않은 TLS 패킷이 수신되었습니다.)

lftp를 사용하여 연결할 수 없는 특정 FTP 사이트가 있습니다.

연결하려고 하면 다음 오류가 발생합니다.

Fatal error: gnutls_handshake: An unexpected TLS packet was received

gnutls-cli를 사용하여 연결하면 협상하고 실제로 USER 명령을 실행할 수 있는 올바른 설정을 찾습니다. 내가 요구하는 것은 올바르게 인증할 수 있도록 gnutls 부분에 대한 올바른 lftp 구성에 대한 포인터입니다.

고쳐 쓰다:내가 본 것은 gnutls-cli를 사용할 때 사용할 올바른 MAC 및 비밀번호를 선택한다는 것입니다.

|<4>| HSK[0x24073f0]: Selected cipher suite: RSA_3DES_EDE_CBC_SHA1

lftp에서 호출할 때와의 차이점은 다음과 같습니다.

GNUTLS: ENC[0x1918cd0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0

다음은 lftp 및 gnutls-cli의 구성 및 디버그 출력입니다.

lftp 구성

lftp
set ssl:priority NORMAL:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2
set ftps:initial-prot P
set ftp:ssl-allow yes
set ftp:ssl-force yes
set ftp:ssl-protect-list yes
set ftp:ssl-protect-data yes
set ftp:ssl-protect-fxp yes
set ssl:verify-certificate no
debug 999999999
open ftps://XXX.XXX.XXX.XXX:990
quote USER <username>

gnutls-cli 구성

gnutls-cli --starttls-proto=ftp XXX.XXX.XXX.XXX -p 990 --no-ca-verification -d 5

*일부 측면은 익명으로 처리되었지만 프로토콜과 관련이 없습니다*

lftp 디버그 출력

lftp
lftp :~> set ssl:priority NORMAL:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2
lftp :~> set ftps:initial-prot P
lftp :~> set ftp:ssl-allow yes
lftp :~> set ftp:ssl-force yes
lftp :~> set ftp:ssl-protect-list yes
lftp :~> set ftp:ssl-protect-data yes
lftp :~> set ftp:ssl-protect-fxp yes
lftp :~> set ssl:verify-certificate no
lftp :~> debug 999999999
lftp :~> open ftps://XXX.XXX.XXX.XXX:990
---- Resolving host address...
buffer: EOF on FD 5
---- 1 address found: XXX.XXX.XXX.XXX
lftp XXX.XXX.XXX.XXX:~> quote USER <username>
FileCopy(0x1475a50) enters state INITIAL
FileCopy(0x1475a50) enters state DO_COPY
---- dns cache hit
---- attempt number 1 (max_retries=1000)
---- Connecting to XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX) port 990
GNUTLS: ASSERT: common.c:1110
..............
GNUTLS: REC[0x1918cd0]: Allocating epoch #0
GNUTLS: ASSERT: gnutls_constate.c:596
GNUTLS: REC[0x1918cd0]: Allocating epoch #1
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256 (C0.2B)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384 (C0.2C)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 (C0.86)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 (C0.87)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256 (C0.23)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1 (C0.0A)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384 (C0.24)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 (C0.72)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 (C0.73)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_128_CCM (C0.AC)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_256_CCM (C0.AD)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1 (C0.08)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384 (C0.28)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_GCM_SHA256 (00.9C)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_GCM_SHA384 (00.9D)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_128_GCM_SHA256 (C0.7A)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_256_GCM_SHA384 (C0.7B)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CBC_SHA1 (00.2F)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CBC_SHA256 (00.3C)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CBC_SHA1 (00.35)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CBC_SHA256 (00.3D)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 (00.41)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_128_CBC_SHA256 (00.BA)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 (00.84)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_256_CBC_SHA256 (00.C0)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CCM (C0.9C)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CCM (C0.9D)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_RSA_3DES_EDE_CBC_SHA1 (00.0A)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_GCM_SHA256 (00.9E)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_GCM_SHA384 (00.9F)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.7C)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.7D)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_CBC_SHA1 (00.33)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_CBC_SHA256 (00.67)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_CBC_SHA1 (00.39)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_CBC_SHA256 (00.6B)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256 (00.BE)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256 (00.C4)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_CCM (C0.9E)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_CCM (C0.9F)
GNUTLS: HSK[0x1918cd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 (00.16)
GNUTLS: EXT[0x1918cd0]: Sending extension EXT MASTER SECRET (0 bytes)
GNUTLS: EXT[0x1918cd0]: Sending extension ENCRYPT THEN MAC (0 bytes)
GNUTLS: EXT[0x1918cd0]: Sending extension STATUS REQUEST (5 bytes)
GNUTLS: EXT[0x1918cd0]: Sending extension SERVER NAME (17 bytes)
GNUTLS: EXT[0x1918cd0]: Sending extension SAFE RENEGOTIATION (1 bytes)
GNUTLS: EXT[0x1918cd0]: Sending extension SESSION TICKET (0 bytes)
GNUTLS: EXT[0x1918cd0]: Sending extension SUPPORTED ECC (12 bytes)
GNUTLS: EXT[0x1918cd0]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
GNUTLS: EXT[0x1918cd0]: sent signature algo (4.1) RSA-SHA256
GNUTLS: EXT[0x1918cd0]: sent signature algo (4.3) ECDSA-SHA256
GNUTLS: EXT[0x1918cd0]: sent signature algo (5.1) RSA-SHA384
GNUTLS: EXT[0x1918cd0]: sent signature algo (5.3) ECDSA-SHA384
GNUTLS: EXT[0x1918cd0]: sent signature algo (6.1) RSA-SHA512
GNUTLS: EXT[0x1918cd0]: sent signature algo (6.3) ECDSA-SHA512
GNUTLS: EXT[0x1918cd0]: sent signature algo (3.1) RSA-SHA224
GNUTLS: EXT[0x1918cd0]: sent signature algo (3.3) ECDSA-SHA224
GNUTLS: EXT[0x1918cd0]: sent signature algo (2.1) RSA-SHA1
GNUTLS: EXT[0x1918cd0]: sent signature algo (2.3) ECDSA-SHA1
GNUTLS: EXT[0x1918cd0]: Sending extension SIGNATURE ALGORITHMS (22 bytes)
GNUTLS: HSK[0x1918cd0]: CLIENT HELLO was queued [248 bytes]
GNUTLS: REC[0x1918cd0]: Preparing Packet Handshake(22) with length: 248 and min pad: 0
GNUTLS: ENC[0x1918cd0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
GNUTLS: REC[0x1918cd0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 253
GNUTLS: ASSERT: gnutls_buffers.c:1154
GNUTLS: REC[0x1918cd0]: SSL 50.48 Unknown Packet packet received. Epoch 0, length: 11603
GNUTLS: ASSERT: gnutls_record.c:572
GNUTLS: Received record packet of unknown type 50
GNUTLS: ASSERT: gnutls_record.c:1076
GNUTLS: ASSERT: gnutls_record.c:1158
GNUTLS: ASSERT: gnutls_buffers.c:1409
GNUTLS: ASSERT: gnutls_handshake.c:1446
GNUTLS: ASSERT: gnutls_handshake.c:2762
**** gnutls_handshake: An unexpected TLS packet was received.
GNUTLS: REC[0x1918cd0]: Start of epoch cleanup
GNUTLS: REC[0x1918cd0]: End of epoch cleanup
GNUTLS: REC[0x1918cd0]: Epoch #0 freed
GNUTLS: REC[0x1918cd0]: Epoch #1 freed
---- Closing control socket
quote: USER <username>: Fatal error: gnutls_handshake: An unexpected TLS packet was received.

gnutls-cli 디버그 출력

gnutls-cli --starttls-proto=ftp XXX.XXX.XXX.XXX -p 990 --no-ca-verification -d 5
|<3>| ASSERT: common.c:1110...
Processed 173 CA certificate(s).
Resolving 'XXX.XXX.XXX.XXX'...
Connecting to 'XXX.XXX.XXX.XXX:990'...
|<5>| REC[0x24073f0]: Allocating epoch #0
|<3>| ASSERT: gnutls_constate.c:596
|<5>| REC[0x24073f0]: Allocating epoch #1
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256 (C0.2B)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384 (C0.2C)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 (C0.86)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 (C0.87)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256 (C0.23)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1 (C0.0A)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384 (C0.24)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 (C0.72)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 (C0.73)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_128_CCM (C0.AC)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_256_CCM (C0.AD)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1 (C0.08)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384 (C0.28)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_GCM_SHA256 (00.9C)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_GCM_SHA384 (00.9D)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_128_GCM_SHA256 (C0.7A)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_256_GCM_SHA384 (C0.7B)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CBC_SHA1 (00.2F)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CBC_SHA256 (00.3C)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CBC_SHA1 (00.35)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CBC_SHA256 (00.3D)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 (00.41)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_128_CBC_SHA256 (00.BA)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 (00.84)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_256_CBC_SHA256 (00.C0)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CCM (C0.9C)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CCM (C0.9D)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_RSA_3DES_EDE_CBC_SHA1 (00.0A)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_GCM_SHA256 (00.9E)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_GCM_SHA384 (00.9F)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.7C)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.7D)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_CBC_SHA1 (00.33)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_CBC_SHA256 (00.67)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_CBC_SHA1 (00.39)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_CBC_SHA256 (00.6B)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256 (00.BE)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256 (00.C4)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_CCM (C0.9E)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_CCM (C0.9F)
|<4>| HSK[0x24073f0]: Keeping ciphersuite: GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 (00.16)
|<4>| EXT[0x24073f0]: Sending extension EXT MASTER SECRET (0 bytes)
|<4>| EXT[0x24073f0]: Sending extension ENCRYPT THEN MAC (0 bytes)
|<4>| EXT[0x24073f0]: Sending extension STATUS REQUEST (5 bytes)
|<4>| EXT[0x24073f0]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<4>| EXT[0x24073f0]: Sending extension SESSION TICKET (0 bytes)
|<4>| EXT[0x24073f0]: Sending extension SUPPORTED ECC (12 bytes)
|<4>| EXT[0x24073f0]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
|<4>| EXT[0x24073f0]: sent signature algo (4.1) RSA-SHA256
|<4>| EXT[0x24073f0]: sent signature algo (4.3) ECDSA-SHA256
|<4>| EXT[0x24073f0]: sent signature algo (5.1) RSA-SHA384
|<4>| EXT[0x24073f0]: sent signature algo (5.3) ECDSA-SHA384
|<4>| EXT[0x24073f0]: sent signature algo (6.1) RSA-SHA512
|<4>| EXT[0x24073f0]: sent signature algo (6.3) ECDSA-SHA512
|<4>| EXT[0x24073f0]: sent signature algo (3.1) RSA-SHA224
|<4>| EXT[0x24073f0]: sent signature algo (3.3) ECDSA-SHA224
|<4>| EXT[0x24073f0]: sent signature algo (2.1) RSA-SHA1
|<4>| EXT[0x24073f0]: sent signature algo (2.3) ECDSA-SHA1
|<4>| EXT[0x24073f0]: Sending extension SIGNATURE ALGORITHMS (22 bytes)
|<4>| HSK[0x24073f0]: CLIENT HELLO was queued [227 bytes]
|<5>| REC[0x24073f0]: Preparing Packet Handshake(22) with length: 227 and min pad: 0
|<5>| REC[0x24073f0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 232
|<3>| ASSERT: gnutls_buffers.c:1154
|<5>| REC[0x24073f0]: SSL 3.1 Handshake packet received. Epoch 0, length: 950
|<5>| REC[0x24073f0]: Expected Packet Handshake(22)
|<5>| REC[0x24073f0]: Received Packet Handshake(22) with length: 950
|<5>| REC[0x24073f0]: Decrypted Packet[0] Handshake(22) with length: 950
|<4>| HSK[0x24073f0]: SERVER HELLO (2) was received. Length 77[946], frag offset 0, frag length: 77, sequence: 0
|<4>| HSK[0x24073f0]: Server's version: 3.1
|<4>| HSK[0x24073f0]: SessionID length: 32
|<4>| HSK[0x24073f0]: SessionID: 000003031e05c5fea2ec00000000000000000000000000005b69ab4d00000001
|<4>| HSK[0x24073f0]: Selected cipher suite: RSA_3DES_EDE_CBC_SHA1
|<4>| HSK[0x24073f0]: Selected compression method: NULL (0)
|<4>| EXT[0x24073f0]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
|<4>| HSK[0x24073f0]: Safe renegotiation succeeded
|<3>| ASSERT: gnutls_buffers.c:1154
|<4>| HSK[0x24073f0]: CERTIFICATE (11) was received. Length 861[865], frag offset 0, frag length: 861, sequence: 0
|<3>| ASSERT: gnutls_buffers.c:1392
|<3>| ASSERT: extensions.c:65
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
|<3>| ASSERT: dn.c:250
|<3>| ASSERT: dn.c:250
|<3>| ASSERT: extensions.c:65
 - subject `<example.cert>', RSA key 1024 bits, signed using RSA-SHA1, activated `2009-09-10 00:00:00 UTC', expires `2021-04-24 23:59:59 UTC', SHA-1 fingerprint `555555555555555555555555555555555555555'
        Public Key ID:
                PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
        Public key's random art:
                +--[ RSA 1024]----+
                |            o.o  |
                |            .= E.|
                |             .B.o|
                |              .= |
                |        S     = .|
                |       . o .  .= |
                |        . . . oo.|
                |             . o+|
                |              .o.|
                +-----------------+

|<3>| ASSERT: gnutls_buffers.c:1154
|<4>| HSK[0x24073f0]: SERVER HELLO DONE (14) was received. Length 0[0], frag offset 0, frag length: 1, sequence: 0
|<3>| ASSERT: gnutls_buffers.c:1145
|<3>| ASSERT: gnutls_buffers.c:1392
|<3>| ASSERT: gnutls_buffers.c:1374
|<3>| ASSERT: extensions.c:65
|<4>| HSK[0x24073f0]: CLIENT KEY EXCHANGE was queued [134 bytes]
|<4>| REC[0x24073f0]: Sent ChangeCipherSpec
|<5>| REC[0x24073f0]: Initializing epoch #1
|<5>| REC[0x24073f0]: Epoch #1 ready
|<4>| HSK[0x24073f0]: Cipher Suite: RSA_3DES_EDE_CBC_SHA1
|<4>| HSK[0x24073f0]: Initializing internal [write] cipher sessions
|<4>| HSK[0x24073f0]: recording tls-unique CB (send)
|<4>| HSK[0x24073f0]: FINISHED was queued [16 bytes]
|<5>| REC[0x24073f0]: Preparing Packet Handshake(22) with length: 134 and min pad: 0
|<5>| REC[0x24073f0]: Sent Packet[2] Handshake(22) in epoch 0 and length: 139
|<5>| REC[0x24073f0]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
|<5>| REC[0x24073f0]: Sent Packet[3] ChangeCipherSpec(20) in epoch 0 and length: 6
|<5>| REC[0x24073f0]: Preparing Packet Handshake(22) with length: 16 and min pad: 0
|<5>| REC[0x24073f0]: Sent Packet[1] Handshake(22) in epoch 1 and length: 45
|<5>| REC[0x24073f0]: SSL 3.1 ChangeCipherSpec packet received. Epoch 0, length: 1
|<5>| REC[0x24073f0]: Expected Packet ChangeCipherSpec(20)
|<5>| REC[0x24073f0]: Received Packet ChangeCipherSpec(20) with length: 1
|<5>| REC[0x24073f0]: Decrypted Packet[1] ChangeCipherSpec(20) with length: 1
|<4>| HSK[0x24073f0]: Cipher Suite: RSA_3DES_EDE_CBC_SHA1
|<3>| ASSERT: gnutls_buffers.c:1154
|<5>| REC[0x24073f0]: SSL 3.1 Handshake packet received. Epoch 0, length: 40
|<5>| REC[0x24073f0]: Expected Packet Handshake(22)
|<5>| REC[0x24073f0]: Received Packet Handshake(22) with length: 40
|<5>| REC[0x24073f0]: Decrypted Packet[0] Handshake(22) with length: 16
|<4>| HSK[0x24073f0]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0
|<5>| REC[0x24073f0]: Start of epoch cleanup
|<5>| REC[0x24073f0]: Epoch #0 freed
|<5>| REC[0x24073f0]: End of epoch cleanup
- Description: (TLS1.0)-(RSA)-(3DES-CBC)-(SHA1)
- Session ID: 00:00:03:03:1E:05:C5:FE:A2:EC:00:00:00:00:00:00:00:00:00:00:00:00:00:00:5B:69:AB:4D:00:00:00:01
|<3>| ASSERT: server_name.c:298
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: 3DES-CBC
- MAC: SHA1
- Compression: NULL
|<3>| ASSERT: status_request.c:350
|<3>| ASSERT: gnutls_ui.c:797
- Options: safe renegotiation,
|<3>| ASSERT: srtp.c:317
|<3>| ASSERT: alpn.c:227
- Handshake was completed
|<3>| ASSERT: status_request.c:350

- Simple Client Mode:

답변1

@Ptier, 교체해 보세요

open ftps://XXX.XXX.XXX.XXX:990

도착하다

set ftp:ssl-auth TLS
open ftp://XXX.XXX.XXX.XXX:990

그러면 "cd: Fatal error: gnutls_handshake: 예기치 않은 TLS 패킷이 수신되었습니다."라는 오류가 사라집니다.

관련 정보