Pure FTP TLS Cipher Setting

ErkDog

Member
So seemingly randomly FileZilla stopped allowing FTPES and was giving a handshake error.

Long story short, I tracked it down to this:

TLSCipherSuite: "!aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5"

When WHM Builds the pure-ftpd.conf it does NOT put the double quotes there.

Pure FTP was seemingly ignoring the configuration directive.

Clients which supported older SSL/TLS would connect fine, but not FileZilla as it had retired the older methods.

I was negotiating at RC4-SHA 128Bit in FlashFXP.

(@) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with RC4-SHA, 128 secret bits cipher

After adding the double quotes, FileZilla is now working again, and both clients negotiate @

Feb 13 18:45:33 thunder pure-ftpd: (@) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher

Please fix this ASAP, because people are unwittingly allowing ollllllld TLS negotiation since WHM isn't saving the config properly.

Thanks,
Matt

- - - Updated - - -

Update: FlashFXP Negotiates:

Enabled TLSv1/SSLv3 with DHE-RSA-AES256-GCM-SHA384, 256 secret bits cipher

FileZilla Negotiates:

Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher

Either way, proper high encryption :-D
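
An added example, not part of the original post and not cPanel or Pure-FTPd code: a Python check for the condition reported above, flagging a TLSCipherSuite line written without double quotes and any logged session that negotiated a weak cipher. The function names, the weak-cipher marker list and the sample config text are assumptions made for the example; the log format is the one shown in the post.

```python
import re

# Name fragments treated as weak here (an assumption of this example).
WEAK_MARKERS = ("RC4", "MD5", "DES", "EXP", "NULL")
DIRECTIVE = re.compile(r"^\s*TLSCipherSuite:?\s+(?P<value>.+?)\s*$")
NEGOTIATED = re.compile(
    r"SSL/TLS: Enabled (?P<proto>\S+) with (?P<cipher>[\w-]+), (?P<bits>\d+) secret bits")

def check_cipher_directive(conf_text):
    """Return (line number, value, is_quoted) for every TLSCipherSuite line."""
    found = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # skip commented-out directives
        m = DIRECTIVE.match(line)
        if m:
            value = m.group("value")
            quoted = len(value) >= 2 and value[0] == value[-1] == '"'
            found.append((lineno, value, quoted))
    return found

def weak_negotiations(log_lines):
    """Return (cipher, bits) for each logged session that used a weak cipher."""
    hits = []
    for line in log_lines:
        m = NEGOTIATED.search(line)
        if m and any(w in m.group("cipher").upper() for w in WEAK_MARKERS):
            hits.append((m.group("cipher"), int(m.group("bits"))))
    return hits

# Constructed config text using the directive value quoted in the post.
SAMPLE_CONF = """# constructed sample
TLS: 1
TLSCipherSuite: !aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5
"""
# Log lines in the format shown in the post (the first is constructed from it).
SAMPLE_LOG = [
    "Feb 13 18:40:02 thunder pure-ftpd: (@) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with RC4-SHA, 128 secret bits cipher",
    "Feb 13 18:45:33 thunder pure-ftpd: (@) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher",
]

if __name__ == "__main__":
    for lineno, value, quoted in check_cipher_directive(SAMPLE_CONF):
        print(f"line {lineno}: {'ok' if quoted else 'UNQUOTED'} -> {value}")
    for cipher, bits in weak_negotiations(SAMPLE_LOG):
        print(f"weak cipher negotiated: {cipher} ({bits} bits)")
```

Run against the generated config and the FTP log after each WHM rebuild, a non-empty result from either function is the cue to inspect the directive and re-test a client connection.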
 

cPanelMichael

Administrator
Staff member
Hello :)

Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 

MSC

Registered
PartnerNOC
cPanel Access Level
DataCenter Provider
Hi,

Is there any news regarding this? We are now needing to log in with the "plain" password encryption option. I suppose that it's related to this.
 

cPanelMichael

Administrator
Staff member
I couldn't find a support ticket related to this issue, so it appears the original poster never opened a ticket. Could you open a support ticket so we can take a closer look and open an internal case if necessary? You can post the ticket number here so we can update this thread with the outcome.

Thank you.