ProFTP and TLS/SSL

Discussion in 'General Discussion' started by phpscott, Feb 2, 2009.

  1. phpscott

    Everything works fine from every location and ISP I have access to, however, a client cannot connect and the following error shows up in /var/log/secure:

    Feb 2 13:57:07 sunray proftpd[21681]: sunray.XXXXX.com (999.999.999.999[999.999.999.999]) - mod_tls/2.1.2: unexpected OpenSSL error, disconnecting
    Feb 2 13:57:07 sunray proftpd[21681]: sunray.XXXXX.com (999.999.999.999[999.999.999.999]) - mod_tls/2.1.2: SSL_shutdown error [1]: (unknown)
    Feb 2 13:57:07 sunray proftpd[21681]: sunray.XXXXX.com (999.999.999.999[999.999.999.999]) - FTP session closed.

    I tried flushing the rules in IPTables long enough to test and the client still has the issue. I tried PureFTP as well with a similar error. The client can connect through "regular" FTP fine. Since port 21 is used regardless, it cannot be a firewall port issue, correct? Can the client's firewall block only TLS/SSL connections? Any assistance or nudge in the correct direction would be appreciated.

    Scott
     
  2. SB-Nick

    Hello Scott,

    Are you sure your customer uses an FTP client that supports SSL/TLS?
    Try
    Paste your proftpd config file (or at least the <IfModule mod_tls.c> section) so we can see if there is something we should look at.
     
  3. phpscott

    Thank you, Nick, for responding. The client tried four different clients and is currently using FileZilla. Below is the config. file entry you requested:

    <IfModule mod_tls.c>
    TLSEngine on
    TLSRequired off
    TLSRSACertificateFile /etc/ftpd-rsa.pem
    TLSRSACertificateKeyFile /etc/ftpd-rsa-key.pem
    TLSVerifyClient off
    TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
    </IfModule>

    Scott
     
  4. SB-Nick

    Scott,

    Are you sure both Cert and Key files exist and have data in them?

    Enable TLS logging and see if it shows any further error info. You can enable logging by adding the following:

    TLSLog /var/log/proftpd/tls.log

    After that, remove the TLSCipherSuite and add

    TLSProtocol SSLv23

    Restart the FTP daemon and try again. Don't forget to watch the TLS log when testing.
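
Added example, not part of SB-Nick's post and not cPanel or ProFTPD code: a shell check for the first step suggested above, that the files named by TLSRSACertificateFile and TLSRSACertificateKeyFile exist and contain data. It goes one step further and compares the public keys, so a key that does not belong to the certificate is also caught. The function names and the config path given as the argument are assumptions, and the key comparison needs the `openssl` command.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight checks for a ProFTPD mod_tls block.

# Print the first argument of a directive, e.g. TLSRSACertificateFile.
tls_directive() {  # usage: tls_directive <conf> <Directive>
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Verify the certificate and key files named in the config exist and hold data.
# Returns 0 when both are present and non-empty, 1 otherwise.
check_tls_files() {  # usage: check_tls_files <conf>
    rc=0
    for d in TLSRSACertificateFile TLSRSACertificateKeyFile; do
        f=$(tls_directive "$1" "$d")
        if [ -z "$f" ]; then
            echo "FAIL: $d is not set"; rc=1
        elif [ ! -s "$f" ]; then
            echo "FAIL: $d $f is missing or empty"; rc=1
        else
            echo "ok: $d $f"
        fi
    done
    [ -n "$(tls_directive "$1" TLSLog)" ] || echo "note: TLSLog is not set"
    return "$rc"
}

# Verify the private key belongs to the certificate by comparing public keys.
# Needs the openssl CLI; returns 1 on mismatch or if either file fails to parse.
check_key_pair() {  # usage: check_key_pair <cert.pem> <key.pem>
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ "$c" = "$k" ]
}

# Usage: sh check_tls.sh /etc/proftpd.conf   (config path is an assumption)
if [ -n "${1:-}" ]; then
    if check_tls_files "$1" && check_key_pair \
        "$(tls_directive "$1" TLSRSACertificateFile)" \
        "$(tls_directive "$1" TLSRSACertificateKeyFile)"; then
        echo "certificate and key are present and match"
    else
        echo "TLS certificate/key check failed"
    fi
fi
```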
     
  5. phpscott

    Nick,
    I almost forgot about this thread. The client is no longer doing work with us due to lack of volume, so I have no way to duplicate the issue(s). I have made a note regarding your latest reply as the client plans on returning if volume picks up again. Thank you.

    Scott
     