[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[gftp] TLS issues using gftp
- To: gftp-users@xxxxxxxx
- Subject: [gftp] TLS issues using gftp
- From: Hakan Bjorklund <hakan.bjorklund@xxxxxxxxx>
- Date: Thu, 26 May 2005 15:25:15 +0200
- Delivered-to: firstname.lastname@example.org
- Delivered-to: email@example.com
- Delivered-to: firstname.lastname@example.org
- Delivery-date: Thu, 26 May 2005 09:24:36 -0400
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=NPlC8hmmiProGSaLE1ZizZITC2eC4YAFglelJ+onK5ehwN005b9WLRpUHwphibcCaa1VnsHounMC7GuqrlRZFPufgdWmR8Dm5Z+fqtFe/RBY3QMhJooSKipphH1uZIKN105vEGYucIXKJaZd9fv1wZg0WYipXQ6HVkvv5wn/XNg=
- Reply-to: gftp-users@xxxxxxxx
- Sender: owner-gftp-users@xxxxxxxx
I have an ftp-server running proftpd using TLSv1. Normaly there are no
issues connecting to this ftp using Flashfxp or Ultrafxp, but gftp has
some problems. I'll list some technical info below and then try to get
back to the problem at hand.
ProFTPD 1.2.10 Server
TLS setup as follows.
openssl req -new -x509 -nodes -days 365 -out proftpd.pem -keyout proftpd.pem
ProFTPD settings as follows.
What happens is that gftp try to send a comand PROT C to the server
wich it will not accept and then the connection is aborted with the
following message in gftp.
Connected to 127.0.0.1:21
220 ProFTPD 1.2.10 Server (xxx.xxx.xxx) [127.0.0.1]
234 AUTH TLS successful
SSL connection established using TLSv1/SSLv3 (DHE-RSA-AES256-SHA)
200 PBSZ 0 successful
534 Unwilling to accept security parameters
Disconnecting from site 127.0.0.1
and the follwing in the tls.log
May 26 15:29:37 mod_tls/2.0.7: TLS/TLS-C requested, starting TLS handshake
May 26 15:29:37 mod_tls/2.0.7: TLSv1/SSLv3 connection accepted,
using cipher DHE-RSA-AES256-SHA (256 bits)
May 26 15:29:37 mod_tls/2.0.7: PROT: unwilling to accept
security parameter (C), declining
I have tried looking for answers to this but i have yet to find a
solution for it. It's fine since my users can connect to the server
but i cant connect to servers running the same type of configuration,
this renders the setup somewhat useless in one way or another. glftpd
is one answer to this problem but i like ProFTPD and i hope that
someone has a solution for this. Like i mentioned earlier i have no
idea what PROT C does and neither does google, i'm not that hot on
source-code (sadly) otherwise i might have figured this out by now.
I say thanks in advanced for the people who take interest in this problem.