1

I set up a proftpd server that uses a TLS/SSL certificate for authentication.

Everything works well when I connect through lftp or Filezilla (with explicit connection). But once I attempt connecting with a simple ftp connection from Filezilla, the USER command ends with the 550 response (SSL/TLS required). After that, any further connection through lftp or Filezilla (with explicit connection) will hang authenticating. Does anyone know how to work around this issue? Is there a way to ask Filezilla to automatically use TLS/SSL if required?

I am using Ubuntu server 10.04 with proftpd 1.3.2c. There is no error message in the log files.

Castaglia
greydet

2 Answers

1

After upgrading from proftpd v1.3.2c to v1.3.4a, the problem does not show up any more.

This was indeed a proftpd bug...

greydet
0

If you want your ftp server to be accessible via ftp clients that don't speak SSL/TLS or don't support auto-negotiating an SSL connection (AUTH SSL/TLS), you need to set this setting for your proftpd server:

TLSRequired off
FINESEC
  • I do want TLS for at least authentication. So I use the configuration: TLSRequired auth. The problem is that once someone connects without explicit TLS connection from Filezilla, the server hangs in authenticating state for all other connection demands – greydet Dec 03 '12 at 12:55
  • Some FTP clients just can't negotiate ssl on demand (they don't send AUTH SSL/TLS command when FTP server asks them to do it). If you want to support buggy/old ftp clients you need to disable enforcing ssl on authentication and data connection. – FINESEC Dec 03 '12 at 13:21
  • Ok for the FTP clients which may not be capable of negotiating SSL on demand. But IMO the server should not stop responding to USER command after the first client connection which does not support SSL negotiation. – greydet Dec 03 '12 at 19:56
  • I see, that looks like a bug in FTP server then. Try vsftpd maybe. – FINESEC Dec 03 '12 at 22:09
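
A regression probe for the symptom discussed in this thread, as an added example that is not part of the original posts and is not proftpd code: it sends USER on a plain control connection, then opens a second connection and checks that the server still answers AUTH TLS, which is useful for confirming the behaviour before and after an upgrade. The function names, the user name `probe` and the 10-second timeout are assumptions; the probe stops at the AUTH TLS reply and does not perform the TLS handshake or a login.

```python
import ftplib
import socket
import sys


def send_one_command(host, port, command, timeout):
    """Open a fresh control connection, send one command and return the
    3-digit reply code, or 'timeout' / 'closed' / 'unreachable'."""
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)   # also reads the 220 banner
        return ftp.sendcmd(command)[:3]            # 1xx/2xx/3xx replies
    except ftplib.Error as exc:                    # 4xx/5xx replies raise
        return str(exc)[:3]
    except EOFError:
        return "closed"                            # server dropped the connection
    except socket.timeout:
        return "timeout"                           # server accepted but never answered
    except OSError:
        return "unreachable"
    finally:
        ftp.close()                                # no QUIT: do not wait on a hung server


def check_tls_after_plaintext(host, port=21, user="probe", timeout=10.0):
    """Reproduce the sequence from the question on the control channel only.

    Step 1: plain FTP client sends USER without AUTH TLS (expected: 550
            when TLSRequired covers authentication).
    Step 2: a new client sends AUTH TLS (expected: 234). A timeout here
            matches the hang reported for later explicit-TLS connections.
    """
    plain = send_one_command(host, port, "USER " + user, timeout)
    tls = send_one_command(host, port, "AUTH TLS", timeout)
    return {
        "plain_user": plain,
        "auth_tls": tls,
        "plaintext_rejected": plain == "550",
        "still_answers_tls": tls == "234",
    }


if __name__ == "__main__":
    # Usage: python probe.py <host> [port]  (run against a server you operate)
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 21
    result = check_tls_after_plaintext(sys.argv[1], target_port)
    print(result)
    sys.exit(0 if result["plaintext_rejected"] and result["still_answers_tls"] else 1)
```

Run from monitoring or after a package upgrade, a non-zero exit status means the server either accepted a plaintext USER or stopped answering AUTH TLS after one.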