Vieri l33t
Joined: 18 Dec 2005 Posts: 907
Posted: Mon Aug 28, 2017 1:02 pm Post subject: [SOLVED] vsftpd FTP server and client trying to ls dir
Hi,
I just hit a really weird issue.
I'm serving files with FTPS explicit encryption on a Gentoo vsftpd server.
Everything is OK as long as there are fewer than 30 files in a given directory.
As soon as there are 30+ I get a TLS/SSL error on the client, and the dir listing is not available.
Code: | # emerge --info vsftpd
net-ftp/vsftpd-3.0.2-r1::gentoo was built with the following:
USE="pam ssl tcpd -caps (-selinux) -xinetd" ABI_X86="(64)"
|
The client's FTP log shows:
Code: | WinSCP v. 5.9.6
. 2017-08-28 14:50:15.489 Data connection opened
. 2017-08-28 14:50:15.489 Trying reuse main TLS session ID
. 2017-08-28 14:50:15.489 TLS layer changed state from none to connected
< 2017-08-28 14:50:15.489 150 Here comes the directory listing.
. 2017-08-28 14:50:15.505 Session ID reused
. 2017-08-28 14:50:15.505 TLS connect: SSLv3 read server hello A
. 2017-08-28 14:50:15.505 TLS connect: SSLv3 read finished A
. 2017-08-28 14:50:15.505 TLS connect: SSLv3 write change cipher spec A
. 2017-08-28 14:50:15.505 TLS connect: SSLv3 write finished A
. 2017-08-28 14:50:15.505 TLS connect: SSLv3 flush data
. 2017-08-28 14:50:15.505 Using TLSv1.2, cipher TLSv1/SSLv3: AES256-GCM-SHA384, 4096 bit RSA, AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
. 2017-08-28 14:50:15.505 TLS connection established
. 2017-08-28 14:50:15.505 SSL3 alert write: fatal: protocol version
. 2017-08-28 14:50:15.505 error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
. 2017-08-28 14:50:15.505 wrong version number
. 2017-08-28 14:50:15.505 TLS layer changed state from connected to closed
. 2017-08-28 14:50:15.505 Data connection closed
|
Here's my vsftpd conf file:
Code: | dirmessage_enable=YES
dirlist_enable=YES
ftpd_banner=My FTP server
chown_uploads=NO
xferlog_enable=YES
idle_session_timeout=600
data_connection_timeout=120
ascii_upload_enable=NO
ascii_download_enable=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list
listen=YES
listen_address=10.215.144.91
ls_recurse_enable=NO
max_clients=30
max_per_ip=10
anonymous_enable=NO
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
local_max_rate=1310720
pasv_max_port=3000
pasv_min_port=2990
pasv_addr_resolve=YES
pasv_address=ftp.mydomain.org
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/ssl/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/ssl/vsftpd/vsftpd.pem
vsftpd_log_file=/var/log/vsftpd.lan.log
log_ftp_protocol=YES
ssl_ciphers=HIGH
|
What can I try?
Vieri
Last edited by Vieri on Wed Aug 30, 2017 9:14 pm; edited 1 time in total

VinzC Watchman
Joined: 17 Apr 2004 Posts: 5098 Location: Dark side of the mood
Posted: Wed Aug 30, 2017 1:29 pm
Have you tried an FTPS client on the local machine (aka the server)?
_________________
Gentoo addict: tomorrow I quit, I promise!... Just one more emerge...
1739!

Vieri l33t
Joined: 18 Dec 2005 Posts: 907
Posted: Wed Aug 30, 2017 9:13 pm
I switched to proftpd. Works great for now.
Thanks.

VinzC Watchman
Joined: 17 Apr 2004 Posts: 5098 Location: Dark side of the mood
Posted: Thu Aug 31, 2017 4:22 pm
Glad you found a way. You're welcome.