
Pure-FTPd TLS-Auth

Discussion in 'General Discussion' started by trparky, Aug 4, 2005.

  1. trparky

    trparky Well-Known Member

    A couple of our users are experiencing the following connection error while using CuteFTP.
    SSL: Error in negotiating SSL connection. The server could be rejecting your certificate.
    I am going out on a limb here, but I assume it is because, by default, cPanel sets Pure-FTPd up with a self-signed certificate.

    How can we fix this?
     
  2. chirpy

    chirpy Well-Known Member

    Do you have an SPI firewall installed? If so, you'll have to open a hole in it for the ephemeral ports (converting it to a less secure static firewall) because FTP over SSL will not work through an SPI firewall (it can't by design).
     
  3. trparky

    trparky Well-Known Member

    The only thing that gets me is that SmartFTP works with no issues. Is SmartFTP doing something different?
     
  4. chirpy

    chirpy Well-Known Member

    No idea. I would suspect that it is failing back to non-SSL, since the issue is with how an SPI firewall works.
     
  5. consultorpc

    consultorpc Well-Known Member
    PartnerNOC

    I got it working using FTP over TLS (explicit) with FileZilla in PASV mode, but with CuteFTP Pro I get the same error as you:

    STATUS:> Connected. Exchanging encryption keys...
    ERROR:> SSL: Error in negotiating SSL connection. The server could be rejecting your certificate.
    ERROR:> Failed to establish data socket.

    In the logs I can see this:

    Jun 15 07:56:56 vps501 pure-ftpd: (?@IP) [INFO] New connection from IP
    Jun 15 07:56:57 vps501 pure-ftpd: (?@IP) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-SHA, 256 secret bits cipher
    Jun 15 07:56:57 vps501 pure-ftpd: (?@IP) [INFO] user is now logged in

    So I think it should be something wrong with the CuteFTP software.
     
  6. consultorpc

    consultorpc Well-Known Member
    PartnerNOC

    Hi again,

    After some tweaking I got it sorted: just activate Clear Data Channel in Site Properties in CuteFTP, as it seems encrypted data isn't supported by the default Pure-FTPd installation in cPanel.

    Regards.
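
Added example, not part of the original thread or of any poster's setup: a small auditor for an FTP client command transcript that reports transfers made while the data channel is unprotected, which is the state the workaround above leaves a session in. It assumes that CuteFTP's "Clear Data Channel" option corresponds to the RFC 4217 command PROT C; the function name and the sample transcript are constructed for illustration.

```python
# Added illustration (not from the thread): flag FTP transfers whose data
# channel is unprotected, following the RFC 4217 AUTH TLS / PROT state rules.
DATA_COMMANDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "STOU", "APPE"}
CLEAR_DATA = "control channel encrypted, data channel clear"
NO_TLS = "no TLS negotiated"
CLEAR_LOGIN = "credentials sent before AUTH TLS"

# Constructed sample: client commands as a client-side session log shows them.
SAMPLE_SESSION = """\
AUTH TLS
USER demo
PASS ********
PBSZ 0
PROT C
PASV
LIST
PROT P
PASV
RETR report.csv
"""

def audit_session(transcript):
    """Return a list of (line_no, command, reason) findings."""
    tls = False   # control channel is protected only after AUTH TLS
    prot = "C"    # RFC 4217: the data channel starts at protection level Clear
    findings = []
    for line_no, raw in enumerate(transcript.splitlines(), start=1):
        parts = raw.strip().split(None, 1)
        if not parts:
            continue
        verb = parts[0].upper()
        arg = parts[1].strip().upper() if len(parts) > 1 else ""
        if verb == "AUTH" and arg == "TLS":
            tls, prot = True, "C"          # a new TLS session resets PROT
        elif verb == "PROT" and arg in ("C", "P"):
            prot = arg                     # C = Clear, P = Private
        elif verb in ("USER", "PASS") and not tls:
            findings.append((line_no, verb, CLEAR_LOGIN))
        elif verb in DATA_COMMANDS and not tls:
            findings.append((line_no, verb, NO_TLS))
        elif verb in DATA_COMMANDS and prot != "P":
            findings.append((line_no, verb, CLEAR_DATA))
    return findings

if __name__ == "__main__":
    for finding in audit_session(SAMPLE_SESSION):
        print(finding)
```

With PROT C the login is still encrypted on the control channel, but directory listings and file contents cross the network in cleartext.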
     