FTP + SSL/TLS + LetsEncrypt ----> error

  • Hello world !


    Setting up openmediavault FTP with SSL/TLS WITH a letsencrypt cert:



    getting in ssh shell :
    mod_tls.c: error initializing session nas proftpd[31182]: nas.domaine.tld - mod_tls.c: error initializing session: Permission denied -- (error message modified for privacy) 




    Wondering if the proftpd for OMV3.x was built with --with-modules=mod_tls ??



    IF NOT, is it possible to do:
    apt-get remove proftpd-basic ( !! used by OMV3.x )
    then
    download proftpd source and
    ./configure --enable-dso --with-shared=mod_tls ???

  • Anyway, I just finished cloning my OMV3.x onto a USB key, so I am about to test it myself.


    Gimme a few minutes to screw things up and I'll come back.

    • Official post

    Of course TLS is included; why would we be offering the option and then have the binary with TLS disabled? Just check with -V; the error is something different.


    Letsencrypt doesn't work right away in FTP; you need to add an extra directive in the configuration, from what I remember. The answer, I think, is here, and also definitely on Google.

  • Using the source for proftpd 1.3.6rc4 with


    Code: ./configure for test
    ./configure --prefix=/opt/proftpd --bindir=/opt/proftpd --sbindir=/opt/proftpd --enable-openssl --enable-dso --with-shared=mod_tls --enable-ctrls




    and no compile error:



    I was able to see a missing include in the proftpd.conf pointing to



    Code: missing line in proftpd.conf
    Include /etc/proftpd/tls.conf

    (no more errors like)

    Code
    janv. 04 21:00:30 nas proftpd[3095]: nas.****- ProFTPD 1.3.5 (stable) (built Wed Jun 14 2017 09:03:26 UTC) standalone mode STARTUP
    janv. 04 21:00:30 nas proftpd[3088]: .
    janv. 04 21:00:30 nas systemd[1]: Started LSB: Starts ProFTPD daemon.
    janv. 04 21:01:11 nas proftpd[3103]: nas.***** (LFbn-LYO-1-500-****) - mod_tls.c: error initializing session: Permission non accordée
    janv. 04 21:01:11 nas proftpd[3103]: nas.***** (LFbn-LYO-1-500-*******) - FTP session closed.

    my tls.conf with letsencrypt key


    Generating an FTP connection with SSL/TLS with FileZilla, I get the following error:

  • tls.log error



    Code: tls.log
    2018-01-04 00:40:13,601 mod_tls/2.6[26286]: TLS/TLS-C requested, starting TLS handshake
    2018-01-04 00:40:13,662 mod_tls/2.6[26286]: client supports secure renegotiations
    2018-01-04 00:40:13,662 mod_tls/2.6[26286]: TLSv1/SSLv3 connection accepted, using cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
    2018-01-04 00:40:17,571 mod_tls/2.6[26286]: Protection set to Private
    2018-01-04 00:40:37,687 mod_tls/2.6[26294]: TLS/TLS-C requested, starting TLS handshake
    2018-01-04 00:40:37,714 mod_tls/2.6[26294]: client supports secure renegotiations
    2018-01-04 00:40:37,714 mod_tls/2.6[26294]: TLSv1/SSLv3 connection accepted, using cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
    2018-01-04 00:40:37,746 mod_tls/2.6[26294]: Protection set to Private
    2018-01-04 00:50:29,790 mod_tls/2.6[27250]: TLSOption UseImplicitSSL in effect, starting SSL/TLS handshake
    2018-01-04 00:50:49,875 mod_tls/2.6[27250]: unable to accept TLS connection: received EOF that violates protocol

    Any clue ??

  • FINALLY

    After reading this post, "received EOF that violates protocol", I changed the FTP port from 21 to something else.


    With a reboot, now everything works !!!


    Also, the FTP client MUST BE SET TO explicit TLS !!!



  • Why are you using implicit ssl?

    Sorry for the delayed answer, I was taking a break.


    I did cut/paste one of the various logs I generated. That one was made with a client with a bad config ....


    Anyway, thank you


    Code
    2018-01-04 00:40:13,662 mod_tls/2.6[26286]: TLSv1/SSLv3 connection accepted, using cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
    2018-01-04 00:40:17,571 mod_tls/2.6[26286]: Protection set to Private
    2018-01-04 00:40:37,687 mod_tls/2.6[26294]: TLS/TLS-C requested, starting TLS handshake
    2018-01-04 00:40:37,714 mod_tls/2.6[26294]: client supports secure renegotiations
    2018-01-04 00:40:37,714 mod_tls/2.6[26294]: TLSv1/SSLv3 connection accepted, using cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
    2018-01-04 00:40:37,746 mod_tls/2.6[26294]: Protection set to Private
