'proftpd' failed protocol test [FTP] at [localhost]:21 [TCP/IP TLS] -- SSL connection error: error:1408F10B:SSL routines:ssl3_get_record:wrong version number

  • Hello.


    I have just seen, that my system log is spammed from service monit.d with this error:


    Code
    'proftpd' failed protocol test [FTP] at [localhost]:21 [TCP/IP TLS] -- SSL connection error: error:1408F10B:SSL routines:ssl3_get_record:wrong version number


    It is there a thousand times!

    What is wrong here?


    If I turn off SSL in FTP config, the error is gone...

  • I have sa same problem.

    And When I try to upload something on ftp I get disconnected with the error below


    Error: GnuTLS error -110 in gnutls_record_send: The TLS connection was non-properly terminated.

    Error: Could not write to transfer socket: ECONNRESET - Connection reset by peer

    Error: Connection closed by server

    Error: File transfer failed after transferring 227,950,592 bytes in 30 seconds

  • This is a known bug which Volker already fixed in an upcoming OMV 5.5.24 release.


    See the relevant Github issue here. Also scroll to the bottom and read the comment there; it links to another page detailing how to install the update early if you can't wait.


    As for me, I did manage to fix the ProFTPd problem manually by editing this file through an SSH terminal and then issuing the following command: omv-salt deploy run monit (produces a lot of output but should say at the end that all went well)


    This is of course a bit risky... but so far, so good. I have an usable FTP server with SSL/TLS once again.

  • cubemin thanks for pointing this out, but this is still not successful on my system.


    Side note: I am on OMV 5.6.1-1

    Code
    user@aries:~$ sudo apt list openmediavault
    openmediavault/usul,usul,now 5.6.1-1 all [installed]


    I edited the files, did a deploy and can see that the config for monit is adopted correctly and added the with ssl statement.

    Monit is still complaining about that ssl error.

    Code
    Mar 2 12:39:36 aries monit[12266]: 'proftpd' failed protocol test [FTP] at [localhost]:2221 [TCP/IP TLS] -- SSL connection error: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
    Mar 2 12:39:36 aries monit[12266]: 'proftpd' trying to restart
    Mar 2 12:39:36 aries monit[12266]: 'proftpd' stop: '/etc/init.d/proftpd stop'
    Mar 2 12:39:36 aries systemd[1]: Stopping LSB: Starts ProFTPD daemon...
    Mar 2 12:39:36 aries proftpd[13294]: aries.local - ProFTPD killed (signal 15)
    Mar 2 12:39:36 aries proftpd[13294]: aries.local - ProFTPD 1.3.6 standalone mode SHUTDOWN
    Mar 2 12:39:36 aries proftpd[13529]: Stopping ftp server: proftpd.
    Mar 2 12:39:36 aries systemd[1]: proftpd.service: Succeeded.


    monit config

    Code
    check process proftpd with pidfile /run/proftpd.pid
    start program = "/etc/init.d/proftpd restart"
    stop program = "/etc/init.d/proftpd stop"
    mode active
    # Do not specify a protocol here, so Monit will use a default connection test
    # where we do not need to take care about whether SSL/TLS is enabled or not.
    # BACKUP: if failed port 2221 for 3 cycles then restart
    if failed port 2221 protocol ftp with ssl for 3 cycles then restart


    I tried to look for a more generic solution with proftpd, but could only find posts dating back to 2006 suggesting to force a specific TLS version.


    Anyone fixed it only by adding the above (with ssl) to monit? Any one else having the same issue?

  • The latest version of OMV should have fixed this issue completely.

    I have the same problem with OMV 5.6.1-1 too. I haven't added any extra options or directives to FTP configuration.


    Could you specify the known fixed OMV version? Do you you mean 5.6.2-1?

  • The latest version of OMV should have fixed this issue completely.

    I'm not understanding where or why you're trying to add this "with ssl" part...

    Sorry for the confusion, I am not adding anything directly to the file. I simply implemented the pull request manually (https://github.com/openmediava…f934f24e199eebe98b381ae53) which, if you read carefully is adding with ssl (protocol ftp with ssl to be 100% correct) to the monit config if tls is activated.


    It wasn't in there, even though I am running on 5.6.1..


    Disabled monit watching for ftp for now.. Will check back with the next update.

  • I had a look at the Github commit again, and it looks different from what I'd seen before. The "with ssl" part was new to me.

    I don't know enough to tell why you're still having monit issues. :(

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!