• Home »
  • »
  • VSFTPD Error: GnuTLS error -9: A TLS packet with unexpected length was received.

VSFTPD Error: GnuTLS error -9: A TLS packet with unexpected length was received.

I was tasked with configuring VSFTPD to allow SFTP or FTPES (FTP over explicit TLS/SSL) tonight for a client. The configuration already had regular FTP working which I verified using FileZilla as an FTP client. I was able to login and transfer files in both directions to and from the server. Next I verified that SFTP worked without issue and I was able to also transfer files in both directions using SFTP. For FTPES I had to make some changes and once I did make the changes I was still getting an error when attempting to do a directory listing using FileZilla. Below I describe the initial changes I made to vsftpd.conf, the errors I received attempting to connect with FTPES, and the way I resolved the problem.

Configure VSFTPD For FTPES or File Transfer Protocol With Explicit TLS/SSL:

First generate an SSL certificate to use with the FTP server by issuing the below line from the Linux server CLI.

Generate SSL Certificate For VSFTPD Server:


  1. openssl req -x509 -nodes -days 365 -newkey rsa:1024  -keyout /etc/vsftpd/vsftpd.pem  -out /etc/vsftpd/vsftpd.pem

You will be required to fill in the typical SSL certificate information such as Country, State, City, company, department, and email address. Once the SSL certificate has been completed add the below configuration lines to the /etc/vsftpd/vsftpd.conf file using your favorite file editor such as vi.

Modify vsftpd.conf To Allow FTPES Connections/Transfers:


  1. # FTPES Conf Additions
  2. ssl_enable=YES
  3. allow_anon_ssl=NO
  4. force_local_data_ssl=NO
  5. force_local_logins_ssl=NO
  6. ssl_tlsv1=YES
  7. ssl_sslv2=NO
  8. ssl_sslv3=NO
  9. rsa_cert_file=/etc/vsftpd/vsftpd.pem

You can modify force_local_logins_ssl and force_local_data_ssl both to YES depending on if you want to allow regular FTP connections or not. After saving the changes you will need to restart vsftpd using syntax similar to the below.

Restart vsftpd For FTPES Changes To Take Effect:


  1. [root@dev vsftpd]# /etc/init.d/vsftpd restart
  2. Shutting down vsftpd: [  OK  ]
  3. Starting vsftpd for vsftpd: [  OK  ]

After making all of the proper configuration changes this is where I ran into my first issue. When attempting to connect to the server using FTP with explicit TLS/SSL I received an error attempting to do a directory listing. I was able to connect but then the connection would drop. Below is part of the error as seen from FileZilla upon trying to connect to the vsftpd server using FTPES.

FileZilla Error Connecting To vsftpd Server Using FTPES:


  1. Response:   150 Here comes the directory listing.
  2. Error:  GnuTLS error -9: A TLS packet with unexpected length was received.
  3. Status: Server did not properly shut down TLS connection
  4. Error:  Could not read from transfer socket: ECONNABORTED - Connection aborted
  5. Response:   226 Directory send OK.
  6. Error:  Failed to retrieve directory listing

Luckily the first thing I thought to do was check that VSFTPD was the latest and greatest version. The version I was running was vsftpd version 2.0.5-12 and I noticed via yum that vsftpd version 2.0.5-16 was available. Since it is always easy to upgrade packages like this via yum I decided to give this a shot first. Below I show how to verify you are running the latest vsftpd version available from your yum repositories and if not how to upgrade to the latest version.

Verify vsftpd Is The Latest Version Using Yum:


  1. [root@dev vsftpd]# yum list *VSFTP*
  2. Loading "installonlyn" plugin
  3. Setting up repositories
  4. base                      100% |=========================| 2.1 kB    00:00
  5. updates                   100% |=========================| 1.9 kB    00:00
  6. addons                    100% |=========================|  951 B    00:00
  7. extras                    100% |=========================| 1.1 kB    00:00
  8. Reading repository metadata in from local files
  9. Installed Packages
  10. vsftpd.x86_64                            2.0.5-12.el5           installed
  11. Available Packages
  12. vsftpd.x86_64                            2.0.5-16.el5_4.1       updates

Upgrade vsftpd Using Yum On CentOS Linux:


  1. [root@dev vsftpd]# yum install vsftpd
  2. Loading "installonlyn" plugin
  3. Setting up Install Process
  4. Setting up repositories
  5. Reading repository metadata in from local files
  6. Parsing package install arguments
  7. Resolving Dependencies
  8. --> Populating transaction set with selected packages. Please wait.
  9. ---> Downloading header for vsftpd to pack into transaction set.
  10. vsftpd-2.0.5-16.el5_4.1.x 100% |=========================|  18 kB    00:00
  11. ---> Package vsftpd.x86_64 0:2.0.5-16.el5_4.1 set to be updated
  12. --> Running transaction check
  14. Dependencies Resolved
  16. =============================================================================
  17.  Package                 Arch       Version          Repository        Size
  18. =============================================================================
  19. Updating:
  20.  vsftpd                  x86_64     2.0.5-16.el5_4.1  updates           139 k
  22. Transaction Summary
  23. =============================================================================
  24. Install      0 Package(s)
  25. Update       1 Package(s)
  26. Remove       0 Package(s)
  28. Total download size: 139 k
  29. Is this ok [y/N]: y
  30. Downloading Packages:
  31. (1/1): vsftpd-2.0.5-16.el 100% |=========================| 139 kB    00:00
  32. Running Transaction Test
  33. Finished Transaction Test
  34. Transaction Test Succeeded
  35. Running Transaction
  36.   Updating  : vsftpd                                                 [1/2]warning: /etc/vsftpd/vsftpd.conf created as /etc/vsftpd/vsftpd.conf.rpmnew
  37.   Updating  : vsftpd                       ######################### [1/2]
  38.   Cleanup   : vsftpd                       ######################### [2/2]
  40. Updated: vsftpd.x86_64 0:2.0.5-16.el5_4.1
  41. Complete!

After upgrading vsftpd I restarted the ftp server again using the command displayed above and attempted to connect again with FileZilla. Sure enough things worked without issue this time. It always pays to run the latest and greatest software to make sure you have all of the latest bug fixes and security patches.

Linux Server Security (Paperback)

List Price: $44.95 USD
New From: $21.95 USD In Stock
Used from: $0.15 USD In Stock

Linux Administration: A Beginner’s Guide, Fifth Edition (Paperback)

List Price: $39.99
New From: $15.93 USD In Stock
Used from: $2.94 USD In Stock