FTP over TLS Stopped Working

Ahmed Shibani

Registered May 7, 2016, Tripoli. cPanel Access Level: Root Administrator
Hello;

Since the last update to WHM 11.56.0.14, users are unable to connect to FTP using TLS. This used to work before the update. Ports 3000-5000 are allowed in the firewall and PureFTPD is configured to use those port numbers for passive connections.

This is the error from FileZilla
Code:
Status:    Resolving address of x.x.x
Status:    Connecting to x.x.x.x:21...
Status:    Connection established, waiting for welcome message...
Status:    Initializing TLS...
Error:    Connection timed out after 20 seconds of inactivity
Error:    Could not connect to server
Users are able to authenticate if they change FTP to use plain passwords.

Here is the system information:
Code:
/etc/redhat-release:CloudLinux Server release 6.5 (Pavel Popovich)
/usr/local/cpanel/version:11.56.0.14
/var/cpanel/envtype:standard
CPANEL=release
Server version: Apache/2.4.18 (Unix)
Cpanel::Easy::Apache v3.32.11 rev9999 +cloudlinux
Has anyone faced this issue? Any recommendations on how to fix?

Best Regards
 

cliveaustin

Registered Apr 23, 2010
I have discovered exactly the same issue on my cPanel/WHM PureFTP server.
This is the error I see when trying to connect using FileZilla ...

Code:
Status: Connecting to 192.168.0.101:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 1 of 50 allowed.
Response: 220-Local time is now 13:59. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Status: Initializing TLS...
Error: Connection timed out after 20 seconds of inactivity
Error: Could not connect to server
...but everything works normally as expected if I connect using "old fashioned" (insecure) FTP so I've had to disable FTP over TLS for the time being just to stop clients complaining. I'm pretty sure this is going to be a TLS handshake issue but it's got me stumped for now! Anyone got any pointers where I should start looking?
 

mujikcom

Registered May 9, 2013. cPanel Access Level: Reseller Owner
Not sure if this is of direct relevance but certainly it may have some bearing. I received the same error on an account I regularly use with FTP over TLS - suddenly and without warning it would only accept plain FTP. I haven't used vanilla FTP for some years and considering the security issues was not going to start now. Checked all the server settings and nothing had changed, TLS/SSL certs were good, I could connect to the server and the site using https no worries. But I had a blip with the internet and swapped over to mobile data. My regular internet came back on and voila! all started working again. Not sure of the technical reasons - my normal IP is fixed and the mobile data is not but I do not have any extra security to fix it to a specific IP. Mobile provider was not blocking port 21 as TLS works over this as well.
All very weird but it may help someone. You SHOULD NOT use vanilla FTP in any circumstance but especially with domain credentials.
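
The failure point in the FileZilla logs above (AUTH TLS answered with 234, then a stalled handshake) can be checked outside the client. The following is an added example, not part of any post in this thread; `probe_ftps`, `read_reply` and the stage names are hypothetical names chosen here, and the 20-second default mirrors the FileZilla timeout in the logs.

```python
import socket
import ssl

def read_reply(f):
    """Read one FTP reply (possibly multi-line) and return its final line."""
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("server closed the control connection")
        line = raw.decode("latin-1").rstrip("\r\n")
        # Continuation lines look like "220-..."; the last line is "220 ...".
        if line[:3].isdigit() and line[3:4] == " ":
            return line

def probe_ftps(host, port=21, timeout=20.0):
    """Return (stage, detail) showing how far explicit FTP over TLS gets."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as e:
        return ("connect_failed", str(e))
    with sock:
        f = sock.makefile("rb")
        try:
            read_reply(f)                  # 220 welcome banner
            sock.sendall(b"AUTH TLS\r\n")
            reply = read_reply(f)
        except OSError as e:               # includes timeouts and resets
            return ("control_channel_failed", str(e))
        if not reply.startswith("234"):
            return ("auth_tls_refused", reply)
        ctx = ssl.create_default_context()
        # Diagnostic only: verification is off so that a certificate problem
        # cannot mask a stalled handshake. Do not reuse this for transfers.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return ("tls_ok", f"{tls.version()} {tls.cipher()[0]}")
        except socket.timeout:
            return ("tls_handshake_timeout", f"no reply within {timeout}s")
        except (ssl.SSLError, OSError) as e:
            return ("tls_handshake_error", str(e))
```

Run from the affected client and again from a different network path, a `tls_handshake_timeout` result reproduces the symptom in the logs without FileZilla, while `tls_handshake_error` carries the OpenSSL message that a timeout hides.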