[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[gftp] TLS issues using gftp


I have an ftp-server running proftpd using TLSv1. Normaly there are no
issues connecting to this ftp using Flashfxp or Ultrafxp, but gftp has
some problems. I'll list some technical info below and then try to get
back to the problem at hand.

>gftp --version
gFTP 2.0.18

ProFTPD 1.2.10 Server

TLS setup as follows.
openssl req -new -x509 -nodes -days 365 -out proftpd.pem -keyout proftpd.pem

ProFTPD settings as follows.
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1
TLSRequired on
TLSRSACertificateFile /etc/proftpd.pem
TLSRSACertificateKeyFile /etc/proftpd.pem
TLSOptions NoCertRequest
TLSVerifyClient off

What happens is that gftp try to send a comand PROT C to the server
wich it will not accept and then the connection is aborted with the
following message in gftp.

Connected to
220 ProFTPD 1.2.10 Server (xxx.xxx.xxx) []
234 AUTH TLS successful
SSL connection established using TLSv1/SSLv3 (DHE-RSA-AES256-SHA)
200 PBSZ 0 successful
534 Unwilling to accept security parameters
Disconnecting from site

and the follwing in the tls.log

May 26 15:29:37 mod_tls/2.0.7[9059]: TLS/TLS-C requested, starting TLS handshake
May 26 15:29:37 mod_tls/2.0.7[9059]: TLSv1/SSLv3 connection accepted,
using cipher DHE-RSA-AES256-SHA (256 bits)
May 26 15:29:37 mod_tls/2.0.7[9059]: PROT: unwilling to accept
security parameter (C), declining

I have tried looking for answers to this but i have yet to find a
solution for it. It's fine since my users can connect to the server
but i cant connect to servers running the same type of configuration,
this renders the setup somewhat useless in one way or another. glftpd
is one answer to this problem but i like ProFTPD and i hope that
someone has a solution for this. Like i mentioned earlier i have no
idea what PROT C does and neither does google, i'm not that hot on
source-code (sadly) otherwise i might have figured this out by now.

I say thanks in advanced for the people who take interest in this problem.

Hakan Bjorklund