The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Pure FTP TLS Cipher Setting

Discussion in 'Security' started by ErkDog, Feb 13, 2015.

  1. ErkDog

    ErkDog Member

    Joined:
    Jan 26, 2004
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    So seemingly randomly Filezilla stopped allowing FTPES and was giving a handshake error.

    Long story short, I tracked it down to this:

    TLSCipherSuite: "!aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5"

    When WHM Builds the pure-ftpd.conf it does NOT put the double quotes there.

    Pure FTP was seemingly ignoring the configuration directive.

    Clients which supported older SSL/TLS would connect fine, but not FileZilla as it had retired the older methods.

    I was negotiating at RC4-SHA 128Bit in FlashFXP.

    (@) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with RC4-SHA, 128 secret bits cipher

    After adding the double quotes, Filezilla is now working again, and both clients negotiate @

    Feb 13 18:45:33 thunder pure-ftpd: (@) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher

    Please fix this ASAP, because people are unwittingly allowing ollllllld TLS negotiation since WHM isn't saving the config properly.

    Thanks,
    Matt

    - - - Updated - - -

    Update: FlashFXP Negotiates:

    Enabled TLSv1/SSLv3 with DHE-RSA-AES256-GCM-SHA384, 256 secret bits cipher

    Filezilla Negotiates:

    Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher

    Either way, proper high encryption :-D
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    649
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  3. MSC

    MSC Registered
    PartnerNOC

    Joined:
    Jul 2, 2012
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    Hi,

    Is there any news regarding this? We are now needing to login with the "plain" password encryption option. I supose that it's related to this
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    649
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    I couldn't find a support ticket related to this issue, so it appears the original poster never opened a ticket. Could you open a support ticket so we can take a closer look and open an internal case if necessary? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page