ISPConfig - problem with pureftpd TLS

Discussion in 'Installation/Configuration' started by mislav, Apr 13, 2016.

Thread Status:
Not open for further replies.
  1. mislav

    mislav Member

    Hi there.
    OS: Debian 8
    ISPConfig: 3.0.5.4p9 (clean installation, no upgrades)
    There are numerous threads on this matter, however I didn't find solution, thus I'm creating new thread.

    As mentioned, this is clean installation and for some strange reason TLS is not working - plain text auth is indeed working. Error in filezille:
    For every connection, on the server in the syslog there is the following error message:
    When I specify TLS on 2, then when I want to connect using plain text - then I also get this error, but when I switch to one, nothing happens, this error is displayed as well:

    Passive port range is specified:
    And it's firewalled. Any ideas?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Error: GnuTLS error -9: A TLS packet with unexpected length was received.

    Looks to me as if your FTP client sends a packet that the server does not understand.

    Did you try to switch tls mode to 0 and did you try to use a different FTP client, e.g. fireftp plugin in firefox?
     
  3. mislav

    mislav Member

    Hello Till and my bad, I apologize. I completely missed this email from your reply.
    Anyway, about the problem, I've tried to use winscp and I got the same problem - in the log I can see:
    If I set TLS to 0, restart service I get the following error in filezilla:
    Same error about security scheme is not implemented in WinSCP.

    I've also tried to use as suggested fireftp plugin for firefox, with TLS set to 0 I also receive "500 This security scheme is not implemented" and if I set it to TLS 1 same error message is syslog as mentioned above. In addition here is what was in fireftp:
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    TLS = 0 in pure-ftpd config means no TLS, so you have to use no tls in the client then as well. But you disabled tls in the server and enabled tls in the client and this cant work, so please use no tls in server and no tls in client for the test.
     
  5. mislav

    mislav Member

    Plain text authentication is working without problems (no tls).
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok. so the pure-ftpd setup is ok in general. Then you should try to create a new ssl cert for pure-ftpd as that might be broken.
     
  7. mislav

    mislav Member

    Last edited: Apr 20, 2016
  8. kmchen

    kmchen Member

    Hi, exactly the same problem on Debian 9 today. Tried to rebuild certificate. No luck

    Mislav, how did you get through ?
     
  9. calbasi

    calbasi Member

    I have this problem too... Debian 9, ispconfig 3.2.2
    In fact if my ftp client (filezilla) uses:
    mycustomerdomain.tld
    subdomain.mysecondcustomerdomain.tld
    I've received a warning because the certificate pure-ftpd has is myserverdomain.tld. I've accepted it, but no luck.
    If I use plain text auth (insecure) all is OK. So the problem is with TLS
     
  10. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Please open a new thread instead of hijacking old threads.
     
  11. ahrasis

    ahrasis Well-Known Member

    Ftp server SSL certs are meant to be used with your server FQDN, not your clients'.
     
Thread Status:
Not open for further replies.

Share This Page