
[gftp] TLS issues using gftp



Hi!

I have an ftp-server running proftpd using TLSv1. Normally there are no
issues connecting to this ftp using Flashfxp or Ultrafxp, but gftp has
some problems. I'll list some technical info below and then try to get
back to the problem at hand.

>gftp --version
gFTP 2.0.18

ProFTPD 1.2.10 Server

TLS setup as follows.
openssl req -new -x509 -nodes -days 365 -out proftpd.pem -keyout proftpd.pem

ProFTPD settings as follows.
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1
TLSRequired on
TLSRSACertificateFile /etc/proftpd.pem
TLSRSACertificateKeyFile /etc/proftpd.pem
TLSOptions NoCertRequest
TLSVerifyClient off
</IfModule>

What happens is that gftp tries to send a command PROT C to the server,
which it will not accept, and then the connection is aborted with the
following message in gftp.

Connected to 127.0.0.1:21
220 ProFTPD 1.2.10 Server (xxx.xxx.xxx) [127.0.0.1]
AUTH TLS
234 AUTH TLS successful
SSL connection established using TLSv1/SSLv3 (DHE-RSA-AES256-SHA)
PBSZ 0
200 PBSZ 0 successful
PROT C
534 Unwilling to accept security parameters
Disconnecting from site 127.0.0.1

and the following in the tls.log

May 26 15:29:37 mod_tls/2.0.7[9059]: TLS/TLS-C requested, starting TLS handshake
May 26 15:29:37 mod_tls/2.0.7[9059]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES256-SHA (256 bits)
May 26 15:29:37 mod_tls/2.0.7[9059]: PROT: unwilling to accept security parameter (C), declining

I have tried looking for answers to this but I have yet to find a
solution for it. It's fine since my users can connect to the server
but I can't connect to servers running the same type of configuration;
this renders the setup somewhat useless in one way or another. glftpd
is one answer to this problem but I like ProFTPD and I hope that
someone has a solution for this. Like I mentioned earlier I have no
idea what PROT C does and neither does Google. I'm not that hot on
source-code (sadly), otherwise I might have figured this out by now.

I say thanks in advance to the people who take interest in this problem.




-----------------------
Hakan Bjorklund
hakan.bjorklund@xxxxxxxxx
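
For reference: PROT sets the protection level of the FTP data channel (RFC 2228 defines C = Clear, S = Safe, E = Confidential, P = Private), and ProFTPD's "TLSRequired on" requires TLS on the data channel as well as the control channel, so a request for a clear data channel is declined with 534. The following is an added example, not part of the original post and not gftp or ProFTPD code: a Python sketch that pairs the security commands in the client output quoted above with the server's replies. The function names are hypothetical.

```python
import re

# Data channel protection levels defined for the FTP PROT command (RFC 2228).
PROT_LEVELS = {"C": "Clear", "S": "Safe", "E": "Confidential", "P": "Private"}

# Client session output, copied from the post above.
TRANSCRIPT = """\
Connected to 127.0.0.1:21
220 ProFTPD 1.2.10 Server (xxx.xxx.xxx) [127.0.0.1]
AUTH TLS
234 AUTH TLS successful
SSL connection established using TLSv1/SSLv3 (DHE-RSA-AES256-SHA)
PBSZ 0
200 PBSZ 0 successful
PROT C
534 Unwilling to accept security parameters
Disconnecting from site 127.0.0.1
"""

REPLY = re.compile(r"^(\d{3})[ -](.*)$")            # three-digit FTP reply line
COMMAND = re.compile(r"^(AUTH|PBSZ|PROT)\s+(\S+)$")  # security commands only


def pair_commands(transcript):
    """Return (verb, argument, reply_code) for each security command."""
    pairs, pending = [], None
    for line in transcript.splitlines():
        line = line.strip()
        cmd, reply = COMMAND.match(line), REPLY.match(line)
        if cmd:
            pending = (cmd.group(1), cmd.group(2).upper())
        elif reply and pending:
            # First reply line after a command answers that command.
            pairs.append((*pending, int(reply.group(1))))
            pending = None
    return pairs


def diagnose(transcript):
    """Summarise how control and data channel protection were negotiated."""
    result = {"control_tls": False, "prot_level": None, "prot_accepted": None}
    for verb, arg, code in pair_commands(transcript):
        if verb == "AUTH":
            result["control_tls"] = code == 234
        elif verb == "PROT":
            result["prot_level"] = PROT_LEVELS.get(arg, "unknown")
            result["prot_accepted"] = 200 <= code < 300
    return result

print(diagnose(TRANSCRIPT))
```

On the quoted session this reports an encrypted control channel and a declined request for a Clear data channel, which matches the "security parameter (C), declining" line in tls.log.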