ProFTPD - A TLS fatal alert has been received

  • In 1.1.18, support for the SSLv2 & SSLv3 protocols in ProFTPD was disabled because of the POODLE attacks ...
    Is there currently any FTP client at all that can still be used over SSL, or am I doing something wrong?
    With FileZilla, for example, only unencrypted connections still work; with SSL there is an error message:

    Code
    Befehl: AUTH TLS
    Antwort: 234 AUTH TLS successful
    Status: Initialisiere TLS...
    Fehler: GnuTLS error -12: A TLS fatal alert has been received.
    Fehler: Herstellen der Verbindung zum Server fehlgeschlagen
  • Hello ;


    Bug confirmed. I'll fix.


  • Re ;


    Ok, the cipher list was wrong. I'd forgotten that TLS shares the SSL3 ciphers, which should therefore not be disabled. TLS must be forced only by the TLSProtocol parameter. I've also fixed some other things at the same time, such as the NoSessionReuseRequired parameter, which is not always available.


    Now, this is working:


    FileZilla output

    Code
    Status: Resolving address of domain.tld
    Status: Connecting to 192.168.5.111:21...
    Status: Connection established, waiting for welcome message...
    Response: 220 ProFTPD 1.3.5rc3 Server (trusty.nuxwin.com) [::ffff:192.168.5.111]
    Command: AUTH TLS
    Response: 234 AUTH TLS exécuté avec succès
    Status: Initializing TLS...
    Status: Verifying certificate...
    Command: USER [email protected]
    Status: TLS/SSL connection established.
    Response: 331 Mot de passe requis pour [email protected]
    Command: PASS ********
    Response: 230 Utilisateur [email protected] authentifié
    Command: OPTS UTF8 ON
    Response: 200 UTF-8 activé
    Command: PBSZ 0
    Response: 200 PBSZ 0 exécuté avec succès
    Command: PROT P
    Response: 200 Protection set to Private
    Status: Connected
    Status: Retrieving directory listing...
    Command: PWD
    Response: 257 "/" est le répertoire courant
    Status: Directory listing successful
    Status: Disconnected from server


    /var/log/proftpd/ftp_ssl.log:

    Shell-Script
    root@trusty:/usr/local/src/imscp# tail -fn0 /var/log/proftpd/ftp_ssl.log
    2014-12-08 02:16:18,467 mod_tls/2.4.5[21158]: TLS/TLS-C requested, starting TLS handshake
    2014-12-08 02:16:18,490 mod_tls/2.4.5[21158]: client supports secure renegotiations
    2014-12-08 02:16:18,490 mod_tls/2.4.5[21158]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES128-SHA (128 bits)
    2014-12-08 02:16:18,543 mod_tls/2.4.5[21158]: Protection set to Private


    Don't forget that you must use an explicit TLS connection by adding the ftpes prefix. For instance: ftpes://domain.tld


    I'll commit in a few minutes.

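The fix described in the last post, sketched as a ProFTPD mod_tls configuration. This is an added example, not the i-MSCP template or the committed change; the cipher strings and certificate paths are constructed placeholders, and only the directive names `TLSProtocol` and `NoSessionReuseRequired` and the log path come from the thread.

```apache
# Added example: constructed values, not the project's configuration.
<IfModule mod_tls.c>
  TLSEngine  on
  # Log path as shown in the thread
  TLSLog     /var/log/proftpd/ftp_ssl.log

  # BEFORE (constructed reconstruction of the mistake described above).
  # In OpenSSL cipher-string syntax, "SSLv3" selects cipher suites by the
  # protocol version that introduced them, not connections that negotiate
  # SSL 3.0. TLS 1.0 and 1.1 reuse those same suites (DHE-RSA-AES128-SHA in
  # the log above is one of them), so "!SSLv3" leaves only TLS 1.2-only
  # suites and any client that does not offer one gets a fatal alert.
  #TLSCipherSuite  ALL:!aNULL:!eNULL:!SSLv2:!SSLv3

  # AFTER: the protocol version is restricted by TLSProtocol only.
  # List just the versions your clients need; SSLv3 is simply not listed.
  TLSProtocol     TLSv1 TLSv1.1 TLSv1.2

  # The cipher string filters on algorithm strength, not on protocol tags.
  TLSCipherSuite  HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!RC4:!MD5

  # Placeholder certificate paths
  TLSRSACertificateFile     /path/to/server.crt
  TLSRSACertificateKeyFile  /path/to/server.key

  # Only for mod_tls builds that know this option (the thread notes it is
  # not always available). It relaxes the check that data connections reuse
  # the control connection's TLS session.
  TLSOptions      NoSessionReuseRequired
</IfModule>
```

After a reload, a successful explicit-TLS login should produce a `connection accepted, using cipher ...` line in the TLS log like the one quoted in the thread.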