Pure-ftpd with TLS

I am trying to set up pure-ftpd with TLS support for the first time. Certificate is in place, server starts fine, but when I try to connect to it server says:
Code:
May 24 11:34:47 tazar pure-ftpd: (?@IP.ADD.RE.SS) [WARNING] Sorry, cleartext sessions are not
accepted on this server. Please reconnect using SSL/TLS security mechanisms.

The client (FileZilla), when "require explicit FTP over TLS" is on, says:
Code:
Status:	Resolving address of domain.tld
Status:	Connecting to IP.ADD.RE.SS:21...
Status:	Connection established, waiting for welcome message...
Response:	220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:	220-You are user number 1 of 50 allowed.
Response:	220-Local time is now 11:34. Server port: 21.
Response:	220-This is a private system - No anonymous login
Response:	220 You will be disconnected after 15 minutes of inactivity.
Command:	AUTH TLS
Response:	234 AUTH TLS OK.
Status:	Initializing TLS...
Error:	GnuTLS error -9: A TLS packet with unexpected length was received.
Status:	Server did not properly shut down TLS connection
Error:	Could not connect to server

Any advice?
 
I had the exact same problem but can't remember how I fixed it. I think it was something along the lines of recompiling the gnutls port and also pure-ftpd.
 
I think the problem isn't so much with you, but with pure-ftpd itself. Notice how it mentions that TLS support is experimental when you configure this port? I've used this FTP server for a while (years ago on Linux) and recall having read that there were quite a few clients which had problems with connecting to it when TLS was used.

Unless you really need some specific features (like for example MySQL or PGSQL support) then I'd like to suggest ftp/vsftpd if your main concern is with security. That server fully supports TLS in a non-experimental fashion.

Apart from that, the only reason I can come up with here is the certificate. Is that a publicly recognized certificate or one which you made yourself? It shouldn't make a big difference, but it could be of influence.
 
I am trying to set up pure-ftpd with TLS support for the first time. Certificate is in place, server starts fine, but when I try to connect to it server says:
Code:
May 24 11:34:47 tazar pure-ftpd: (?@IP.ADD.RE.SS) [WARNING] Sorry, cleartext sessions are not
accepted on this server. Please reconnect using SSL/TLS security mechanisms.

Same problem for me today. I tried to compile pure-ftpd with security/openssl and security/libressl. Clients: lftp and FileZilla. Same error.
 
Well - running pureftpd with TLS linked against OpenSSL, everything works as expected. Just select "Explicit FTP over SSL" in your FTP client, not the implicit one. Oh - and I moved the port to 990.
 
False alarm from my side. I'm sorry. Everything is OK with pure-ftpd. There is a Juniper in front of the FTP server, and when I disable FTP inspection (Security -> ALG configuration) everything is OK. Unfortunately I have no experience with Juniper, so I'll leave it disabled and ... hope for the best.
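
To tell a server-side TLS fault from something on the network path, as with the FTP inspection setting in the last post, it helps to know at which stage the explicit FTPS session stops. The following is an added example, not code from this thread or from pure-ftpd; `probe_explicit_ftps` and the constructed `stub_server` stand-in are hypothetical names, and certificate verification is switched off because the probe only locates the failing stage and sends no credentials.

```python
import socket
import ssl
import threading

def probe_explicit_ftps(host, port, timeout=5.0):
    """Return the stage at which an explicit FTPS (AUTH TLS) session stops."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp_connect_failed"
    with sock, sock.makefile("rb") as f:
        def reply():
            # Multi-line replies continue with "220-"; the last line is "220 ".
            while True:
                line = f.readline().decode("latin-1")
                if not line or (line[:3].isdigit() and line[3:4] == " "):
                    return line[:3]
        try:
            if reply() != "220":
                return "no_welcome_banner"
            sock.sendall(b"AUTH TLS\r\n")
            if reply() != "234":
                return "auth_tls_rejected"
        except OSError:
            return "control_channel_error"
        ctx = ssl.create_default_context()
        ctx.check_hostname = False       # diagnostic only: accept self-signed
        ctx.verify_mode = ssl.CERT_NONE  # certificates, send no credentials
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "tls_ok:" + tls.version()
        except (ssl.SSLError, OSError):
            return "tls_failed_after_234"

def stub_server(banner, auth_reply):
    """Constructed local stand-in: answers AUTH TLS, then never speaks TLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(banner)
            conn.recv(64)        # the client's AUTH TLS line
            conn.sendall(auth_reply)
            conn.recv(4096)      # ClientHello (or EOF), then close
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]
```

Running the probe once from a host on the server's own network segment and once from outside the firewall shows whether the result depends on the path.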
 