SOLVED Pure-FTPd Cipher Settings

Hi,

we have the same problem running WHM 60.0 (build 26)
It looks like a bug in pure-ftpd.

I checked the release notes for pure-ftpd:

* Version 1.0.43: The -J switch didn't work any more in 1.0.42. This has been fixed.

The -J switch sets the cipher settings.

Cpanel is running: pure-ftpd-1.0.42-6.cp1156.x86_64

 

A couple days ago we changed the ciphers in one of our cPanel servers to harden for PCI. Today I'm checking scan results and its still requiring a couple 3DES ciphers to be disabled...which i thought already were.

I changed the ciphers in WHM (FTP Server Configuration) then checked using nmap via another box. Nothing is changing, even when putting default ciphers back in. What is interesting is that TLSv1.0 is still available as well, even with !TLSv1

This is the command I am using to check right to the raw IP (no proxy):
# nmap --script ssl-cert,ssl-enum-ciphers -p 21 123.123.123.123

I feel like either I'm missing something obvious, or this nmap script is not working right. Any thoughts? Thanks.

 

Pure-ftp is not applying the cipher list in general. The results of "nmap ... ssl-enum-ciphers" VS "openssl ciphers ..." show different ciphers.

Is this going to be repaired? Or, is there a workaround in the meantime? Quotas and BFD are kinda important.

 

Both the TLS1.0 and 3DES persistence are def PureFTP bugs that are repaired in 1.0.45. The bug/case is CPANEL-11369 to get the cPanel version upgraded or wrapped.

Hopefully the fix is coming soon