phpscott

Member
Dec 15, 2002
11
0
151
Everything works fine from every location and ISP I have access to, however, a client cannot connect and the following error shows up in /var/log/secure:

Feb 2 13:57:07 sunray proftpd[21681]: sunray.XXXXX.com (999.999.999.999[999.999.999.999]) - mod_tls/2.1.2: unexpected OpenSSL error, disconnecting
Feb 2 13:57:07 sunray proftpd[21681]: sunray.XXXXX.com (999.999.999.999[999.999.999.999]) - mod_tls/2.1.2: SSL_shutdown error [1]: (unknown)
Feb 2 13:57:07 sunray proftpd[21681]: sunray.XXXXX.com (999.999.999.999[999.999.999.999]) - FTP session closed.

I tried flushing the rules in IPTables long enough to test and the client still has the issue. I tried PureFTP as well with a similar error. The client can connect through "regular" FTP fine. Since port 21 is used regardless, it cannot be a firewall port issue, correct? Can the client's firewall block only TLS/SSL connections? Any assistance or nudge in the correct direction would be appreciated.

Scott
 

SB-Nick

Well-Known Member
Aug 26, 2008
175
9
68
cPanel Access Level
Root Administrator
Hello Scott,

Are you sure your customer uses an FTP client that supports SSL/TLS?
Try
Paste your proftpd config file (or at least the <IfModule mod_tls.c> section) so we can see if there is something we should look at.
 

phpscott

Thank you, Nick, for responding. The client tried four different clients and is currently using FileZilla. Below is the config file entry you requested:

<IfModule mod_tls.c>
TLSEngine on
TLSRequired off
TLSRSACertificateFile /etc/ftpd-rsa.pem
TLSRSACertificateKeyFile /etc/ftpd-rsa-key.pem
TLSVerifyClient off
TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
</IfModule>

Scott
 

SB-Nick

Scott,

Are you sure both the Cert and Key files exist and have data in them?

Enable TLS logging and see if it shows any further error info. You can enable logging by adding the following:

TLSLog /var/log/proftpd/tls.log

After that, remove the TLSCipherSuite and add

TLSProtocol SSLv23

Restart the FTP daemon and try again. Don't forget to watch the TLS log when testing.
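The checks suggested in the reply above, as an added example that is not part of the original thread: a script that parses the posted mod_tls block and reports whether the certificate and key files exist and are non-empty, whether TLSLog is set, and whether TLSCipherSuite is still present without TLSProtocol. The function names and the `root` parameter (a prefix for resolving the configured paths, used for testing against a scratch directory) are assumptions of this example.

```python
import os
import re

# The mod_tls block posted in the thread, used as sample input.
SAMPLE_CONF = """\
<IfModule mod_tls.c>
TLSEngine on
TLSRequired off
TLSRSACertificateFile /etc/ftpd-rsa.pem
TLSRSACertificateKeyFile /etc/ftpd-rsa-key.pem
TLSVerifyClient off
TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
</IfModule>
"""

def parse_mod_tls(conf_text):
    """Return {directive: value} for lines inside <IfModule mod_tls.c>."""
    directives, inside = {}, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if re.fullmatch(r"<IfModule\s+mod_tls\.c>", line, re.I):
            inside = True
        elif re.fullmatch(r"</IfModule>", line, re.I):
            inside = False
        elif inside and line:
            parts = line.split(None, 1)
            directives[parts[0]] = parts[1] if len(parts) > 1 else ""
    return directives

def check_mod_tls(conf_text, root="/"):
    """Apply the thread's checklist; `root` (hypothetical) prefixes file paths."""
    d, findings = parse_mod_tls(conf_text), []
    if d.get("TLSEngine", "off").lower() != "on":
        findings.append("TLSEngine is not on")
    for name in ("TLSRSACertificateFile", "TLSRSACertificateKeyFile"):
        path = d.get(name)
        full = os.path.join(root, path.lstrip("/")) if path else None
        if not path:
            findings.append(f"{name} is not set")
        elif not os.path.isfile(full):
            findings.append(f"{name}: {path} does not exist")
        elif os.path.getsize(full) == 0:
            findings.append(f"{name}: {path} is empty")
    if "TLSLog" not in d:
        findings.append("TLSLog is not set; no dedicated TLS log is written")
    if "TLSCipherSuite" in d and "TLSProtocol" not in d:
        findings.append("TLSCipherSuite set without TLSProtocol: " + d["TLSCipherSuite"])
    return findings

if __name__ == "__main__":
    print("\n".join(check_mod_tls(SAMPLE_CONF)) or "no findings")
```
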
 

phpscott

Nick,
I almost forgot about this thread. The client is no longer doing work with us due to lack of volume, so I have no way to duplicate the issue(s). I have made a note regarding your latest reply as the client plans on returning if volume picks up again. Thank you.

Scott