Mailinglist Archive: opensuse (856 mails)

< Previous Next >
Re: [opensuse] vsftpd and SSL failure WITH SOME PROGRESS
Hi,

The error message you see is probably be caused by mismatch of support
SSL protocol versions.

Or the server/client sending us plaintext while we expect SSL.

See if setting
implicit_ssl=NO
or
implicit_ssl=YES

in vsftpd.conf helps.

Ciao, Marcus
On Tue, Oct 04, 2016 at 05:17:32PM -0700, Marc Chamberlin wrote:
On 10/3/2016 11:40 PM, Admin Beckspaced wrote:

hello marc,

still kind of lost? i know how it feels being stuck with software problems
...
Yep, frustrating to say the least!

a few things that come to my mind.

if you're not really a SSL/TLS certificate pro i would recommend to give a
test certificate a try.
this way you can narrow down errors or at least be sure that there's
nothing wrong with the certificate.
OK, I tried a test certificate as well, got one from the site you
recommended earlier, no joy! Same error messages when I use it.


in my vsftpd config i have SSL version 2 and 3 disabled.
please check yours, in the error log above it says sslv2/v3 error
if you disable ssl v2/3 in vsftpd how should one be able to connect?
I disabled both as well, no joy.

make sure openssl allows self signed certificates. there must be another
--param for that too?
I cannot find any parameters for openssl that is used to allow/disallow self
signed certificates.

importing certificates into windows. also here some problems are possible.

because with the certificate authority (CA) certificate you need to tell
windows that this is a CA cert
the 'normal' cert. the one that got signed by your CA, can be installed
with the default settings
Understood, but I don't think the test certificate was a self signed one and
Windows FTP clients still complained when I was trying to use the test cert
as well.

another thing ...

the permissions on the certificates for vsftpd must be very strict!
0600 / 0400 by root, otherwise vsftpd will complain
I double checked the permissions on the certificates and tried both
variations as you suggested. No joy.

also ....

the 'home' folder of the system user, the folder which vsftpd is going to
use,
Yep it is....

have fun debugging and best of luck ;)
Oh I am having fun alright! LOL Kinda on the shady side of being bemused...
Now where is Lady Luck hiding these days?

greetings
becki


Ever onward... And thanks again for trying to help, this is a puzzler!
Marc...


--
"The Truth is out there" - Spooky

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx


--
Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi.
3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner@xxxxxxx>
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation
Follow Ups