Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Pure-Ftpd Not Working on cPanel 56

Discussion in 'General Discussion' started by luisamaral, May 3, 2016.

  1. luisamaral

    luisamaral Registered

    Joined:
    May 3, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brasil
    cPanel Access Level:
    Root Administrator
    Hi,

    After upgrading to cPanel 56.0 (build 9), I can't connect to the FTP, using TLS, with my Netbeans FTP Client.
    Before this upgrade, on FTP Server Configuration, was using "Broken Clients Compatibility" = "Yes" .

    I have tried change "Broken Clients Compatibility" to "No", but didn't work.

    Here are the logs:

    At FTP client:
    - Could not generate DH Keypair
    - Prime size must be multiple of 64, and can only range from 512 to 2048 (inclusive)

    At server, /var/log/messages:
    pure-ftpd: [WARNING] Sorry, cleartext sessions and weak ciphers are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.

    Any idea how to solve this?

    Thanks
     
  2. Metro2

    Metro2 Well-Known Member

    Joined:
    May 24, 2006
    Messages:
    408
    Likes Received:
    20
    Trophy Points:
    168
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Hi luisamaral,

    I know this is a long-shot and might not have anything to do with your issue, but take a look at this other thread - All users get blocked when FTP

    You may need to make sure that your PassivePortRange is set correctly in /var/cpanel/conf/pureftpd/main and if you're running CSF you may need to make sure that the TCP_IN setting in your CSF Firewall Configuration has the port range entered correctly as well.
     
  3. Karl

    Karl Well-Known Member
    PartnerNOC

    Joined:
    Aug 10, 2001
    Messages:
    84
    Likes Received:
    1
    Trophy Points:
    308
    The issue is that on April 20th, cPanel generated new DH params for pure-ftpd in:

    /etc/ssl/private/pure-ftpd-dhparams.pem


    They generated 3072 bit params and Jave (as everywhere notes) only supports 2048 bit params.

    You can verify this:

    openssl dh -in /etc/ssl/private/pure-ftpd-dhparams.pem -text -noout

    First line will tell you the size of the params.

    The solution:

    cp /etc/ssl/private/pure-ftpd-dhparams.pem /etc/ssl/private/pure-ftpd-dhparams.pem.bak
    openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
    service pure-ftpd restart
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    Infopro likes this.
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,896
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    The change stems from the following entry in the cPanel 56 change log:

    Fixed case CPANEL-4968: Update pure-ftpd to 1.0.42-4.cp1156.

    The case addressed an issue that resulted in Pure-ftpd failing to start when the DH parameters file was missing.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. luisamaral

    luisamaral Registered

    Joined:
    May 3, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brasil
    cPanel Access Level:
    Root Administrator
    Thanks Karl.

    As @cPanelMichael said, the file did not exist.
    So , I generated that using the command:

    openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048

    And now it works.

    Solved.

     
    #5 luisamaral, Jul 3, 2016
    Last edited by a moderator: Jul 3, 2016
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice