Aborting WinSCP FTPS downloads via TLS 1.3 results in disconnects #1765

Closed
gabberhead opened this issue Jan 2, 2024 · 5 comments

gabberhead commented Jan 2, 2024

What I Did

When I download a file and abort the download, I get a disconnect every time, but aborting uploads works without a disconnect.

This is what I get in the tls.log:

2024-01-02 12:35:55,866 mod_tls/2.9.2[511260]: panic: SSL_ERROR_SYSCALL, line 11170: system error: Datenübergabe unterbrochen (broken pipe)
2024-01-02 12:35:55,867 mod_tls/2.9.2[511260]: unexpected OpenSSL error, disconnecting
2024-01-02 12:35:59,302 mod_tls/2.9.2[511268]: TLS/TLS-C requested, starting TLS handshake
2024-01-02 12:35:59,495 mod_tls/2.9.2[511268]: client supports secure renegotiations

I have also tested it with TLS 1.2, but with the same result. The FTP client is the newest WinSCP.

What I Expected/Wanted

I want to abort downloads without getting a disconnect.

ProFTPD Version and Configuration

proftpd -V
Compile-time Settings:
  Version: 1.3.9rc2 (devel)
  Platform: LINUX [Linux 5.10.0-26-amd64 x86_64]
  OS/Release:
    PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
    NAME="Debian GNU/Linux"
    VERSION_ID="11"
    VERSION="11 (bullseye)"
    VERSION_CODENAME=bullseye
    ID=debian
  Built: Mo Jan 1 2024 15:30:56 CET
  Built With:
    configure  '--with-libraries=/usr/local/lib64' '--with-includes=/usr/local/include/openssl' '--enable-openssl' '--enable-buffer-size' '--enable-nls' '--with-modules=mod_tls:mod_site_misc'

  CFLAGS: -g2 -O2 -Wall -fno-omit-frame-pointer -fno-strict-aliasing
  LDFLAGS: -Wl,-L$(top_srcdir)/lib,-L$(top_builddir)/lib  -rdynamic -L/usr/local/lib64
  LIBS:  -lssl -lcrypto -lssl -lcrypto  -lpam -lcrypt -ldl  -pthread

  Files:
    Configuration File:
      /usr/local/etc/proftpd.conf
    Pid File:
      /usr/local/var/proftpd.pid
    Scoreboard File:
      /usr/local/var/proftpd.scoreboard

  Info:
    + Max supported UID: 4294967295
    + Max supported GID: 4294967295

  Features:
    - Autoshadow support
    - Controls support
    - curses support
    - Developer support
    - DSO support
    + IPv6 support
    + Largefile support
    - Lastlog support
    - Memcache support
    - ncurses support
    + NLS support
    + OpenSSL support (OpenSSL 3.2.0 23 Nov 2023, FIPS enabled)
    - PCRE support
    - PCRE2 support
    - POSIX ACL support
    - Redis support
    + Sendfile support
    + Shadow file support
    - Sodium support
    + Trace support
    + xattr support

  Tunable Options:
    PR_TUNABLE_BUFFER_SIZE = 1024
    PR_TUNABLE_DEFAULT_RCVBUFSZ = 65536
    PR_TUNABLE_DEFAULT_SNDBUFSZ = 65536
    PR_TUNABLE_ENV_MAX = 2048
    PR_TUNABLE_GLOBBING_MAX_MATCHES = 100000
    PR_TUNABLE_GLOBBING_MAX_RECURSION = 8
    PR_TUNABLE_HASH_TABLE_SIZE = 40
    PR_TUNABLE_LOGIN_MAX = 256
    PR_TUNABLE_NEW_POOL_SIZE = 512
    PR_TUNABLE_PATH_MAX = 4096
    PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
    PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
    PR_TUNABLE_SELECT_TIMEOUT = 30
    PR_TUNABLE_TIMEOUTIDENT = 10
    PR_TUNABLE_TIMEOUTIDLE = 600
    PR_TUNABLE_TIMEOUTLINGER = 10
    PR_TUNABLE_TIMEOUTLOGIN = 300
    PR_TUNABLE_TIMEOUTNOXFER = 300
    PR_TUNABLE_TIMEOUTSTALLED = 3600
    PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10

proftpd.conf

ServerName				"ProFTPD Server"
DefaultServer			on
PidFile					/run/proftpd.pid
Port					12331
UseIPv6					off
Umask					022
MaxInstances			20
TimeoutLogin			10
User					openvpn
Group					openvpn
AllowOverwrite			on
AllowRetrieveRestart	on
DefaultTransferMode		binary
AllowStoreRestart		on
FactsAdvertise			off
RootLogin				on
UseFtpUsers				off
PassivePorts			55800 60000
ExtendedLog				/usr/local/etc/proftpd/proftpd.log

<Limit SITE_SYMLINK>
	AllowUser root gabberhead
	DenyAll
</Limit>

<Limit SITE_MKDIR>
	AllowUser root gabberhead
	DenyAll
</Limit>

<Limit SITE_RMDIR>
	AllowUser root gabberhead
	DenyAll
</Limit>

<Limit LOGIN>
	AllowUser root gabberhead
	DenyAll
</Limit>

<IfModule mod_tls.c>
TLSEngine					on
TLSProtocol					TLSv1.3
TLSCipherSuite				TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
TLSOptions					NoSessionReuseRequired AllowDotLogin
TLSECCertificateFile		/usr/local/etc/proftpd/proftpd.crt
TLSECCertificateKeyFile		/usr/local/etc/proftpd/proftpd.key
TLSCACertificateFile		/usr/local/etc/proftpd/proftpd.pem
TLSECDHCurve				secp384r1
TLSVerifyClient				optional
TLSRequired					on
TLSLog						/usr/local/etc/proftpd/tls.log
</IfModule>
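
Added example, not part of the original thread or of ProFTPD's code: a small Python triage script for the tls.log excerpt above. It groups entries by the bracketed process ID, flags sessions where SSL_ERROR_SYSCALL is followed by a disconnect, and times the next TLS handshake. The function names are made up here, and pairing a drop with the next handshake by time alone is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# The four tls.log lines quoted in the report above.
SAMPLE = """\
2024-01-02 12:35:55,866 mod_tls/2.9.2[511260]: panic: SSL_ERROR_SYSCALL, line 11170: system error: Datenübergabe unterbrochen (broken pipe)
2024-01-02 12:35:55,867 mod_tls/2.9.2[511260]: unexpected OpenSSL error, disconnecting
2024-01-02 12:35:59,302 mod_tls/2.9.2[511268]: TLS/TLS-C requested, starting TLS handshake
2024-01-02 12:35:59,495 mod_tls/2.9.2[511268]: client supports secure renegotiations
"""

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d\d:\d\d:\d\d,\d{3}) "
                     r"mod_tls/[\d.]+\[(?P<pid>\d+)\]: (?P<msg>.*)$")

def parse(text):
    """Group mod_tls entries by the session process ID shown in brackets."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # skip lines that are not mod_tls entries
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
            sessions[int(m["pid"])].append((ts, m["msg"]))
    return sessions

def dropped_sessions(sessions):
    """PIDs where SSL_ERROR_SYSCALL is followed by a forced disconnect."""
    drops = []
    for pid, entries in sessions.items():
        saw_syscall = False
        for ts, msg in entries:
            if "SSL_ERROR_SYSCALL" in msg:
                saw_syscall = True
            elif saw_syscall and "disconnecting" in msg:
                drops.append((pid, ts))
                break
    return drops

def reconnect_delays(sessions, drops):
    """Dropped PID -> (next handshaking PID, seconds); time-only match (assumption)."""
    starts = sorted((ts, pid) for pid, entries in sessions.items()
                    for ts, msg in entries if "starting TLS handshake" in msg)
    delays = {}
    for pid, at in drops:
        nxt = next(((t, p) for t, p in starts if t > at and p != pid), None)
        if nxt:
            delays[pid] = (nxt[1], (nxt[0] - at).total_seconds())
    return delays
```
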
@Castaglia
Member

Is there any debug/verbose logging, on the WinSCP client side of things, that might provide more details from what the client is seeing?

@Castaglia Castaglia changed the title from "aborting downloads via ftps tls 1.3 i get always get disconnects. testet with 1.38a and the new rc2" to "Aborting WinSCP FTPS downloads via TLS 1.3 results in disconnects" on Jan 6, 2024
@gabberhead
Author

I didn't log anything on the WinSCP client yet. Should I, and post it here?

@Castaglia
Member

I didn't log anything on the WinSCP client yet. Should I, and post it here?

Yes, please.

@gabberhead
Author

Well, I don't know what happened, but I cannot reproduce the disconnects at the moment. I tried it a few times now, but there were no disconnects. If I can reproduce them again, I will post a log here. But right now, I don't know, like I have written before, I can't reproduce them at the moment :) But thanks anyway for trying to help me ;)
PS: But I have another problem, the last one, which I cannot fix by myself. Perhaps you know a solution for it? I described it here:

#1763

@Castaglia
Member

Well, I don't know what happened, but I cannot reproduce the disconnects at the moment. I tried it a few times now, but there were no disconnects. If I can reproduce them again, I will post a log here. But right now, I don't know, like I have written before, I can't reproduce them at the moment :) But thanks anyway for trying to help me ;)

Thanks for the follow-up. I'm going to close this ticket, then. We can re-open it (or open a new ticket) if/when you see this behavior again.

@Castaglia Castaglia self-assigned this Feb 11, 2024