Hi, The error message you see is probably be caused by mismatch of support SSL protocol versions. Or the server/client sending us plaintext while we expect SSL. See if setting implicit_ssl=NO or implicit_ssl=YES in vsftpd.conf helps. Ciao, Marcus On Tue, Oct 04, 2016 at 05:17:32PM -0700, Marc Chamberlin wrote:
On 10/3/2016 11:40 PM, Admin Beckspaced wrote:
hello marc,
still kind of lost? i know how it feels being stuck with software problems ... Yep, frustrating to say the least!
a few things that come to my mind.
if you're not really a SSL/TLS certificate pro i would recommend to give a test certificate a try. this way you can narrow down errors or at least be sure that there's nothing wrong with the certificate. OK, I tried a test certificate as well, got one from the site you recommended earlier, no joy! Same error messages when I use it.
in my vsftpd config i have SSL version 2 and 3 disabled. please check yours, in the error log above it says sslv2/v3 error if you disable ssl v2/3 in vsftpd how should one be able to connect?
I disabled both as well, no joy.
make sure openssl allows self signed certificates. there must be another --param for that too?
I cannot find any parameters for openssl that is used to allow/disallow self signed certificates.
importing certificates into windows. also here some problems are possible.
because with the certificate authority (CA) certificate you need to tell windows that this is a CA cert the 'normal' cert. the one that got signed by your CA, can be installed with the default settings
Understood, but I don't think the test certificate was a self signed one and Windows FTP clients still complained when I was trying to use the test cert as well.
another thing ...
the permissions on the certificates for vsftpd must be very strict! 0600 / 0400 by root, otherwise vsftpd will complain
I double checked the permissions on the certificates and tried both variations as you suggested. No joy.
also ....
the 'home' folder of the system user, the folder which vsftpd is going to use,
Yep it is....
have fun debugging and best of luck ;)
Oh I am having fun alright! LOL Kinda on the shady side of being bemused... Now where is Lady Luck hiding these days?
greetings becki
Ever onward... And thanks again for trying to help, this is a puzzler! Marc...
-- "The Truth is out there" - Spooky
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
--
Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real