Weird? Anyone else with this issue? I did all Ubuntu server 18 updates a few days ago and now clients can not connect via FTP to their sites using explicit TLS. Don't know if it was a pure-ftp update or an openssl update, but now the connections give: pure-ftp ERROR TLS renegotiation. I used the tutorial available here to re-install pure-ftp, generate a new certificate and forced pure-ftp to use, only accept TLS. No avail. Plain text works fine. OpenSSL test with port 21:
Code:
****@PPPP:~# openssl s_client -connect ***.***.***.101:21
CONNECTED(00000005)
140346606842304:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 316 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
What is the status of pure-ftpd-mysql? Do run "service pure-ftpd-mysql status" to check. Do further checks based on the pureftpd parts of the tutorial for Ubuntu 18.04 apache / nginx, e.g. /etc/default/pure-ftpd-common, /etc/pure-ftpd/conf/TLS, /etc/ssl/private/. Check all the SSL certs for it, whether they have already expired.
The SSL is new since I did the pure-ftp tutorial again. Even got the pop up to accept the new cert.
Code:
# service pure-ftpd-mysql status
● pure-ftpd-mysql.service
   Loaded: loaded (/etc/init.d/pure-ftpd-mysql; generated)
   Active: active (running) since Tue 2019-08-20 09:03:54 WEST; 9min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 1653 ExecStart=/etc/init.d/pure-ftpd-mysql start (code=exited, status=0/SUCCESS)
    Tasks: 1 (limit: 4678)
   CGroup: /system.slice/pure-ftpd-mysql.service
           └─1666 pure-ftpd (SERVER)
Aug 20 09:05:57 test.localhost pure-ftpd[8088]: (?@***.***.56.1) [ERROR] TLS renegociation
Aug 20 09:06:13 test.localhost pure-ftpd[23298]: (?@***.***.56.1) [INFO] New connection from 192.168.56.1
Aug 20 09:06:13 test.localhost pure-ftpd[23298]: (?@***.***.56.1) [DEBUG] Command [auth] [TLS]
Aug 20 09:06:13 test.localhost pure-ftpd[23298]: (?@***.***.56.1) [ERROR] TLS renegociation
Aug 20 09:06:51 test.localhost pure-ftpd[26810]: (?@::1) [INFO] New connection from ::1
Aug 20 09:06:51 test.localhost pure-ftpd[26810]: (?@::1) [DEBUG] Command [quit] []
Aug 20 09:06:51 test.localhost pure-ftpd[26810]: (?@::1) [INFO] Logout.
Aug 20 09:10:01 test.localhost pure-ftpd[27593]: (?@::1) [INFO] New connection from ::1
Aug 20 09:10:01 test.localhost pure-ftpd[27593]: (?@::1) [DEBUG] Command [quit] []
Aug 20 09:10:01 test.localhost pure-ftpd[27593]: (?@::1) [INFO] Logout.
Try using a different FTP client, e.g. fireftp, which is a Firefox plugin, or use the FTP (not SFTP or SCP) mode of WinSCP.
@zapyahoo @till I am running into the exact same problem. It connects through plain text but doesn't connect over TLS. Maybe it's a problem with pure-ftpd-mysql. I'll try to remove that and install pure-ftpd (normal).
Don't do that, FTP will not work at all anymore then, as users can't connect. pure-ftpd without mysql can not be used as it can not connect to mysql. Instead, try using a different FTP client like fireftp or WinSCP in FTP mode.
@till I just tested pure-ftpd on fresh Ubuntu 18.04 (where pureftp is 1.46) and fresh 19.04 (1.47), concluding that TLS works perfectly on 1.47 after following the steps you mentioned in ubuntu 18.04 perfect server, but doesn't work on 1.46. I found one ppa (launchpad dot net/~joshuaspring9/+archive/ubuntu/pure-ftpd) with 1.47 for bionic but idk if it's trustworthy or not. Maybe I need to compile from source. Can you please provide me brief instructions to compile? Thanks much. Big fan.
There are bug reports on Ubuntu for that:
https://bugs.launchpad.net/ubuntu/+source/pure-ftpd/+bug/1842669
https://bugs.launchpad.net/ubuntu/+source/pure-ftpd/+bug/1832998
Info on compiling yourself, easily found using Internet search engines:
https://help.ubuntu.com/community/CompilingSoftware
Strange. Mine works fine while using Ubuntu 18.04.3 default pure-ftpd-mysql 1.0.46. As advised above, you should try a different FTP client, just to make sure that it is not an FTP client problem, as FileZilla 3.40 has a known issue with its TLS1.3 support, as the same is not handled properly in pure-ftpd-mysql 1.046.
@ahrasis @Taleman Appreciating both of your help. I've been trying to get TLS working for 12 hours. Tried everything from completely uninstalling pure-ftpd to installing latest from source to again uninstalling fully to installing 1.47 from 19.04 to switching to 5 other FTP clients. Tinkered with all other settings: disabling firewall, ipv4/6, changing ports, switching active/passive, but NO LUCK. I always get this:
Code:
Command: AUTH TLS
Response: 502 AUTH TLS OK.
Command: AUTH SSL
Error: Could not connect to server
TLS auth is working but listing isn't happening. Who knows if something is conflicting or pure-ftp has bugs, I'll have to wait till Ubuntu updates the package.
I think if you did the above to resolve your problem, or use another FTP client, then it should work fine too; however, you report that as failing as well. So, if you want to fix it, please try checking the result of all these in the terminal:
Code:
apt-get install pure-ftpd-common pure-ftpd-mysql openssl # This will show all their versions if installed
cat /etc/pure-ftpd/conf/TLS # This normally is 1 as per the tutorial
ls -lath /etc/ssl/private/ # You should have both pure-ftpd-dhparams.pem and pure-ftpd.pem
service pure-ftpd-mysql restart # You should successfully restart it
service pure-ftpd-mysql status # Status should be ok with no error
Check if the ftp port 21 and 22 are open for connections. Searching for that error will also help if everything above is ok. https://lmgtfy.com/?q=ftp+Error:+Could+not+connect+to+server&p=1
Ok, so you can connect with TLS but it stopped when trying to list folders? In that case, your passive ports are blocked. https://www.faqforge.com/linux/cont...ange-in-pure-ftpd-on-denian-and-ubuntu-linux/ And as a side note, I use Ubuntu 18.04 with its default pure-ftpd-mysql binary as well here and it works fine with TLS, so there is no issue with that package regarding TLS. The only issue that the old pure-ftpd version has is an incompatibility with the latest FileZilla version; other clients are not affected and older FileZilla versions are not affected either.
I've given up with Filezilla for similar reasons - Coffeecup FTP Free seems to work just fine, I haven't tried any other clients yet so there may be others that work.
@till @ahrasis @Taleman After many hours of brain blowing troubleshooting by trying to fix the server, I eventually found out the problem was so simple but I was looking at the wrong side. The problem was on the client side: my ISP is blocking FTPES connections while allowing plain text FTP. This is too shady, clients would connect to FTP even when FTPES is available allowing them to look at which types of files we're I wonder how do they achieve this? Btw I am very grateful for the help.
That is because from the tutorial we allow them to do that. I think if you change the above content to 2 only then it will force everybody to use only FTPES access.
Yes I know. But you didn't get me. If I try to connect to FTPES it just won't work via my ISP, but with my mobile data hotspot I can connect to the same server with FTPES.
Hi, today I just got the same issue using the FTP client FileZilla. I tried with SCP for Windows and I am able to connect. Yesterday the FileZilla client worked properly and I didn't update the client, so it is the same version. I am reading the discussion but I see some reinstall stuff, and I don't want to try it if I am not sure. Any idea? I have Ubuntu 18.04 with ispconfig installed following one of your nice guides.
**service pure-ftpd-mysql status**
● pure-ftpd-mysql.service
   Loaded: loaded (/etc/init.d/pure-ftpd-mysql; generated)
   Active: active (running) since Mon 2019-09-16 21:09:30 CEST; 3min 46s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 1442 ExecStart=/etc/init.d/pure-ftpd-mysql start (code=exited, status=0/SUCCESS)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/pure-ftpd-mysql.service
           └─1500 pure-ftpd (SERVER)
Sep 16 21:10:18 vps7 pure-ftpd[2046]: ([email protected]) [INFO] New connection from xx.23.40.yy
Sep 16 21:10:19 vps7 pure-ftpd[2046]: ([email protected]) [ERROR] TLS renegociation
...
You don't need to do anything, just change your client from FileZilla to Flash FTP, and if it still doesn't work try changing your local internet. Then tell us if it works.
As I reported, the problem is with the FileZilla client's FTP over TLS... it worked for ages and stopped working... I am sure I didn't install a new version of FileZilla... BTW I can use WinSCP without problems using "TLS/SSL Explicit encryption". It's really strange... something changed on my PC? A Windows 10 update? Who can say... I agree with you, it seems to be an FTP client issue... I also tried from another PC with another internet line, the same version of the FileZilla client and the same configuration, and FileZilla reports the same error:
Error: GnuTLS error -110 in gnutls_record_recv: The TLS connection was non-properly terminated.
Status: Server did not properly shut down TLS connection
Error: Could not read from socket: ECONNABORTED - Connection aborted
Error: Could not connect to server
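The thread attributes the same symptom to the server package, to a TLS 1.3 incompatibility between FileZilla and pure-ftpd, and to an ISP dropping FTPES, so the following added example (not code from any poster or from pure-ftpd) performs the explicit-FTPS sequence by hand and reports the stage at which it stopped, once per TLS version. It also shows why a bare `openssl s_client -connect host:21` ends in `wrong version number`: on port 21 TLS may only start after `AUTH TLS` is answered with 234, which `openssl s_client -starttls ftp` does for you. The function names and stage labels are illustrative, and the host is whatever you pass on the command line.

```python
import socket
import ssl
import sys

def read_reply(ctl):
    """Read one FTP reply, including multi-line "NNN-" continuations."""
    lines = []
    while True:
        raw = ctl.readline()
        if not raw:
            raise ConnectionError("control connection closed by peer")
        lines.append(raw.decode("latin-1").rstrip("\r\n"))
        last = lines[-1]
        if last[:3].isdigit() and last[3:4] in ("", " "):
            return int(last[:3]), "\n".join(lines)

def probe_ftpes(host, port=21, version=None, timeout=10):
    """Return (stage, detail); stage is where the explicit-FTPS attempt ended."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Diagnosis only: the certificate is not verified, so never send credentials.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    if version is not None:  # pin one protocol version for this attempt
        ctx.minimum_version = ctx.maximum_version = version
    stage = "connect_failed"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock, \
                sock.makefile("rb") as ctl:
            stage = "control_dropped"
            code, text = read_reply(ctl)
            if code != 220:
                return "banner", text
            sock.sendall(b"AUTH TLS\r\n")  # TLS may only start after a 234 reply
            code, text = read_reply(ctl)
            if code != 234:
                return "auth_refused", text
            stage = "handshake_failed"
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "ok", f"{tls.version()} {tls.cipher()[0]}"
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        return stage, str(exc)

def compare_versions(host, port=21):
    """One attempt per TLS version, so a version-specific failure stands out."""
    versions = (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)
    return {v.name: probe_ftpes(host, port, v) for v in versions}

if __name__ == "__main__":
    for name, (stage, detail) in compare_versions(sys.argv[1]).items():
        print(f"{name}: {stage}: {detail}")
```

Run it against the same server from each network in question, for example the ISP line and a mobile hotspot: `ok` from one and `control_dropped` or `handshake_failed` from the other points at the path rather than at pure-ftpd, while `ok` for one TLS version only points at a version mismatch.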