The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Pure-Ftpd Not Working on cPanel 56

Discussion in 'General Discussion' started by luisamaral, May 3, 2016.

  1. luisamaral

    luisamaral Registered

    Joined:
    May 3, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brasil
    cPanel Access Level:
    Root Administrator
    Hi,

    After upgrading to cPanel 56.0 (build 9), I can't connect to the FTP, using TLS, with my Netbeans FTP Client.
    Before this upgrade, on FTP Server Configuration, was using "Broken Clients Compatibility" = "Yes" .

    I have tried change "Broken Clients Compatibility" to "No", but didn't work.

    Here are the logs:

    At FTP client:
    - Could not generate DH Keypair
    - Prime size must be multiple of 64, and can only range from 512 to 2048 (inclusive)

    At server, /var/log/messages:
    pure-ftpd: [WARNING] Sorry, cleartext sessions and weak ciphers are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.

    Any idea how to solve this?

    Thanks
     
  2. Metro2

    Metro2 Well-Known Member

    Joined:
    May 24, 2006
    Messages:
    376
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Hi luisamaral,

    I know this is a long-shot and might not have anything to do with your issue, but take a look at this other thread - All users get blocked when FTP

    You may need to make sure that your PassivePortRange is set correctly in /var/cpanel/conf/pureftpd/main and if you're running CSF you may need to make sure that the TCP_IN setting in your CSF Firewall Configuration has the port range entered correctly as well.
     
  3. Karl

    Karl Well-Known Member
    PartnerNOC

    Joined:
    Aug 10, 2001
    Messages:
    84
    Likes Received:
    1
    Trophy Points:
    8
    The issue is that on April 20th, cPanel generated new DH params for pure-ftpd in:

    /etc/ssl/private/pure-ftpd-dhparams.pem


    They generated 3072 bit params and Jave (as everywhere notes) only supports 2048 bit params.

    You can verify this:

    openssl dh -in /etc/ssl/private/pure-ftpd-dhparams.pem -text -noout

    First line will tell you the size of the params.

    The solution:

    cp /etc/ssl/private/pure-ftpd-dhparams.pem /etc/ssl/private/pure-ftpd-dhparams.pem.bak
    openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
    service pure-ftpd restart
     
    Infopro likes this.
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    The change stems from the following entry in the cPanel 56 change log:

    Fixed case CPANEL-4968: Update pure-ftpd to 1.0.42-4.cp1156.

    The case addressed an issue that resulted in Pure-ftpd failing to start when the DH parameters file was missing.

    Thank you.
     
  5. luisamaral

    luisamaral Registered

    Joined:
    May 3, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brasil
    cPanel Access Level:
    Root Administrator
    Thanks Karl.

    As @cPanelMichael said, the file did not exist.
    So , I generated that using the command:

    openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048

    And now it works.

    Solved.

     
    #5 luisamaral, Jul 3, 2016
    Last edited by a moderator: Jul 3, 2016
Loading...

Share This Page