Gentoo Forums
[SOLVED] vsftpd FTP server and client trying to ls dir
Vieri
Posted: Mon Aug 28, 2017 1:02 pm

Hi,

I just hit a really weird issue.

I'm serving files with FTPS explicit encryption on a Gentoo vsftpd server.

Everything is OK as long as there are fewer than 30 files in a given directory.
As soon as there are 30+ I get a TLS/SSL error on the client, and the dir listing is not available.

Code:
# emerge --info vsftpd
net-ftp/vsftpd-3.0.2-r1::gentoo was built with the following:
USE="pam ssl tcpd -caps (-selinux) -xinetd" ABI_X86="(64)"


The client's FTP log shows:
Code:
WinSCP v. 5.9.6

. 2017-08-28 14:50:15.489 Data connection opened
. 2017-08-28 14:50:15.489 Trying reuse main TLS session ID
. 2017-08-28 14:50:15.489 TLS layer changed state from none to connected
< 2017-08-28 14:50:15.489 150 Here comes the directory listing.
. 2017-08-28 14:50:15.505 Session ID reused
. 2017-08-28 14:50:15.505 TLS connect: SSLv3 read server hello A
. 2017-08-28 14:50:15.505 TLS connect: SSLv3 read finished A
. 2017-08-28 14:50:15.505 TLS connect: SSLv3 write change cipher spec A
. 2017-08-28 14:50:15.505 TLS connect: SSLv3 write finished A
. 2017-08-28 14:50:15.505 TLS connect: SSLv3 flush data
. 2017-08-28 14:50:15.505 Using TLSv1.2, cipher TLSv1/SSLv3: AES256-GCM-SHA384, 4096 bit RSA, AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
. 2017-08-28 14:50:15.505 TLS connection established
. 2017-08-28 14:50:15.505 SSL3 alert write: fatal: protocol version
. 2017-08-28 14:50:15.505 error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
. 2017-08-28 14:50:15.505 wrong version number
. 2017-08-28 14:50:15.505 TLS layer changed state from connected to closed
. 2017-08-28 14:50:15.505 Data connection closed


Here's my vsftpd conf file:

Code:
dirmessage_enable=YES
dirlist_enable=YES
ftpd_banner=My FTP server
chown_uploads=NO
xferlog_enable=YES
idle_session_timeout=600
data_connection_timeout=120
ascii_upload_enable=NO
ascii_download_enable=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list
listen=YES
listen_address=10.215.144.91
ls_recurse_enable=NO
max_clients=30
max_per_ip=10
anonymous_enable=NO
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
local_max_rate=1310720
pasv_max_port=3000
pasv_min_port=2990
pasv_addr_resolve=YES
pasv_address=ftp.mydomain.org
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/ssl/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/ssl/vsftpd/vsftpd.pem
vsftpd_log_file=/var/log/vsftpd.lan.log
log_ftp_protocol=YES
ssl_ciphers=HIGH


What can I try?

Vieri


Last edited by Vieri on Wed Aug 30, 2017 9:14 pm; edited 1 time in total
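
As an added example (not part of the original post, and not WinSCP or vsftpd code), the following Python parses WinSCP log lines of the form shown above and reports, for each data connection, whether a fatal TLS alert occurred before or after the handshake completed. The function name and the dictionary fields are assumptions of this example; the sample lines are abridged from the posted log.

```python
import re

# Abridged from the WinSCP log in the post above (one data connection).
SAMPLE_LOG = """\
. 2017-08-28 14:50:15.489 Data connection opened
. 2017-08-28 14:50:15.505 Session ID reused
. 2017-08-28 14:50:15.505 Using TLSv1.2, cipher TLSv1/SSLv3: AES256-GCM-SHA384, 4096 bit RSA
. 2017-08-28 14:50:15.505 TLS connection established
. 2017-08-28 14:50:15.505 SSL3 alert write: fatal: protocol version
. 2017-08-28 14:50:15.505 error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
. 2017-08-28 14:50:15.505 Data connection closed
"""

LINE = re.compile(r"^[.<>!*] (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) (.*)$")
ALERT = re.compile(r"SSL3 alert (read|write): (fatal|warning): (.+)")
OSSL_ERR = re.compile(r"error:[0-9A-F]{8}:SSL routines:(\w+):(.+)")
PROTO = re.compile(r"Using (TLSv[\d.]+|SSLv\d)")

def summarize_data_connections(log_text):
    """Return one summary dict per data connection in a WinSCP session log."""
    conns, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        when, msg = m.groups()
        if msg == "Data connection opened":
            cur = {"opened": when, "reused": False, "protocol": None,
                   "established": False, "errors": [], "fatal_phase": None}
            conns.append(cur)
        elif cur is None:
            continue  # control-channel line outside any data connection
        elif msg == "Data connection closed":
            cur = None
        elif msg == "Session ID reused":
            cur["reused"] = True
        elif msg == "TLS connection established":
            cur["established"] = True
        elif (p := PROTO.match(msg)):
            cur["protocol"] = p.group(1)
        elif (a := ALERT.match(msg)) and a.group(2) == "fatal":
            # Key distinction: did the fatal alert come before or after the handshake finished?
            cur["fatal_phase"] = cur["fatal_phase"] or (
                "post-handshake" if cur["established"] else "handshake")
        elif (e := OSSL_ERR.match(msg)):
            cur["errors"].append(e.groups())
    return conns

if __name__ == "__main__":
    print(summarize_data_connections(SAMPLE_LOG))
```

On the posted log this reports a `post-handshake` failure with the `SSL3_GET_RECORD` error: the data-channel handshake completed with TLSv1.2 and a reused session, and the fatal alert was raised while reading a later record.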
VinzC
Posted: Wed Aug 30, 2017 1:29 pm

Have you tried an FTPS client on the local machine (aka the server)?
_________________
Gentoo addict: tomorrow I quit, I promise!... Just one more emerge...
1739!
Vieri
Posted: Wed Aug 30, 2017 9:13 pm

I switched to proftpd. Works great for now.
Thanks.
VinzC
Posted: Thu Aug 31, 2017 4:22 pm

Glad you found a way. You're welcome :-).
_________________
Gentoo addict: tomorrow I quit, I promise!... Just one more emerge...
1739!