  1. #1
    Registered User
    Join Date
    Dec 2002
    Posts
    11

    ProFTP and TLS/SSL

    Everything works fine from every location and ISP I have access to, however, a client cannot connect and the following error shows up in /var/log/secure:

    Feb 2 13:57:07 sunray proftpd[21681]: sunray.XXXXX.com (999.999.999.999[999.999.999.999]) - mod_tls/2.1.2: unexpected OpenSSL error, disconnecting
    Feb 2 13:57:07 sunray proftpd[21681]: sunray.XXXXX.com (999.999.999.999[999.999.999.999]) - mod_tls/2.1.2: SSL_shutdown error [1]: (unknown)
    Feb 2 13:57:07 sunray proftpd[21681]: sunray.XXXXX.com (999.999.999.999[999.999.999.999]) - FTP session closed.

    I tried flushing the rules in IPTables long enough to test and the client still has the issue. I tried PureFTP as well with a similar error. The client can connect through "regular" FTP fine. Since port 21 is used regardless, it cannot be a firewall port issue, correct? Can the client's firewall block only TLS/SSL connections? Any assistance or nudge in the correct direction would be appreciated.

    Scott

  2. #2
    Member SB-Nick's Avatar
    Join Date
    Aug 2008
    Posts
    102

    Hello Scott,

    Are you sure your customer uses an FTP client that supports SSL/TLS?
    Try
    Paste your proftpd config file (or at least the <IfModule mod_tls.c>
    section) so we can see if there is something we should look at.
    :: Server Buddies ::

    Server Management & Monitoring

    .Dedicated Server Solutions At Affordable Rates.

  3. #3
    Registered User
    Join Date
    Dec 2002
    Posts
    11

    Thank you, Nick, for responding. The client tried four different clients and is currently using FileZilla. Below is the config. file entry you requested:

    <IfModule mod_tls.c>
    TLSEngine on
    TLSRequired off
    TLSRSACertificateFile /etc/ftpd-rsa.pem
    TLSRSACertificateKeyFile /etc/ftpd-rsa-key.pem
    TLSVerifyClient off
    TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
    </IfModule>

    Scott

  4. #4
    Member SB-Nick's Avatar
    Join Date
    Aug 2008
    Posts
    102

    Scott,

    Are you sure both the Cert and Key files exist and have data in them?

    Enable TLS logging and see if it shows any further error info. You can enable logging by adding the following:

    TLSLog /var/log/proftpd/tls.log

    After that, remove the TLSCipherSuite and add

    TLSProtocol SSLv23

    Restart the FTP daemon and try again. Don't forget to watch the TLS log when testing.

  5. #5
    Registered User
    Join Date
    Dec 2002
    Posts
    11

    Nick,
    I almost forgot about this thread. The client is no longer doing work with us due to lack of volume, so I have no way to duplicate the issue(s). I have made a note regarding your latest reply as the client plans on returning if volume picks up again. Thank you.

    Scott
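
The file and logging checks suggested in reply #4, as an added example that is not part of the original thread: a Python script that reads the `<IfModule mod_tls.c>` section, confirms the certificate and key files exist and contain a PEM block, and reports whether `TLSLog` is set. The function names and the constructed sample files are assumptions for illustration; treating "has data" as "contains a PEM header" is also an assumption, and the script does not verify that the key matches the certificate.

```python
import os
import re
import tempfile

def parse_mod_tls(conf_text):
    """Return {directive: value} from the <IfModule mod_tls.c> section, or None."""
    m = re.search(r"<IfModule\s+mod_tls\.c>(.*?)</IfModule>", conf_text, re.S | re.I)
    if not m:
        return None
    settings = {}
    for line in m.group(1).splitlines():
        parts = line.split("#", 1)[0].split(None, 1)  # drop comments, split name/value
        if len(parts) == 2:
            settings[parts[0]] = parts[1].strip()
    return settings

def check_pem(path, marker):
    """Classify a configured PEM file: does it exist and hold the expected block?"""
    if not path:
        return "not configured"
    if not os.path.isfile(path):
        return "missing"
    if os.path.getsize(path) == 0:
        return "empty"
    with open(path, errors="replace") as fh:
        return "ok" if marker in fh.read() else "no PEM block"

def audit(conf_text):
    """Run the certificate, key and TLSLog checks against a proftpd config text."""
    s = parse_mod_tls(conf_text)
    if s is None:
        return {"section": "missing"}
    return {"section": "ok",
            "cert": check_pem(s.get("TLSRSACertificateFile"), "BEGIN CERTIFICATE"),
            "key": check_pem(s.get("TLSRSACertificateKeyFile"), "PRIVATE KEY-----"),
            "tls_log": s.get("TLSLog", "not configured")}

def build_sample(workdir):
    """Constructed sample: placeholder certificate, empty key file, no TLSLog."""
    cert, key = os.path.join(workdir, "ftpd-rsa.pem"), os.path.join(workdir, "ftpd-rsa-key.pem")
    with open(cert, "w") as fh:
        fh.write("-----BEGIN CERTIFICATE-----\nplaceholder\n-----END CERTIFICATE-----\n")
    open(key, "w").close()  # zero-byte key file, the case reply #4 asks about
    return ("<IfModule mod_tls.c>\nTLSEngine on\n"
            f"TLSRSACertificateFile {cert}\nTLSRSACertificateKeyFile {key}\n</IfModule>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for item, status in audit(build_sample(d)).items():
            print(f"{item}: {status}")
```

To check a real server, pass the contents of the proftpd configuration file to `audit()` while running as a user that can read the key file.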
