so right now i'am trying to configure vsftpd server for FTP(e)S. It seems i am encountering issues with different clients. Secure FTPD works fine for me. Filezilla not.
The output from Filezilla
tatus: Connecting to foo:21...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220 "Welcome to FTP!"
Trace: CFtpControlSocket::SendNextCommand()
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 Proceed with negotiation.
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnSend()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::Failure(-12, 53)
Trace: GnuTLS alert 40: Handshake failed
Error: GnuTLS error -12: A TLS fatal alert has been received.
Paste from vsftpd:
# Could be whatever you like, or 990 if you want to use the now-deprecated ftps port.
listen_port=21
# Limit passive ports to this range to assis firewalling
pasv_min_port=30000
pasv_max_port=30003
#May be needed to help packets through some NAT/firewall setups. The address
# is the external ip of the machine, assuming it is a static one.
pasv_address= "foo" ---> we NAT everything so this has the EXTERNAL IP
# Set to ssl_enable=YES if you want to enable SSL
ssl_enable=YES
anon_mkdir_write_enable=NO
anon_root=/srv/ftp
anon_upload_enable=NO
idle_session_timeout=900
log_ftp_protocol=YES
pasv_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
# Path to the certificate and key files (which should be the same file)
rsa_cert_file=/etc/vsftpd2.pem
rsa_private_key_file=/etc/vsftpd2.pem
# No ssl for bad boys
#allow_anon_ssl=NO
# All local logins (i.e. non-anonymous) are forced to use ssl.
force_local_data_ssl=NO
#force_local_logins_ssl=YES
#dsa_cert_file=/etc/vsftpd.pem
require_ssl_reuse=NO
So question is: what goes wrong here? BTW: I am furthermore not completely sure what the difference is between ftps and ftpEs
Thank you
ok, found it. Apparently there is some strange behavior between the latest filezilla 3.5 client and ftps.
for vsftpd, the solution was simply to add: ssl_ciphers=HIGH in the vsftpd.conf file
I'am not sure whether i am allowed to post this as well, but there is a threat about this in the filezilla forums.
http://forum.filezilla-project.org/viewtopic.php?f=2&t=23280
If
chroot_local_user=yes
is used thenssl_ciphers=HIGH
wont work.