Menu
▾
▴
Re: [Proftpd-user] Problem with FTPES - Recent Clients
|
From: <sim...@be...> - 2010-01-26 10:33:39
|
Hello, first of all sorry for the doubled post (I did not realize that the old post had already got through, I thought I did some mistake) The version of openssl which I am using was already posted (openssl 0.9.8g-15+lenny6). I do not think is a problem of CA missing because: 1) with older clients (filezilla 3.0.9.3) it works ... 2) we have exactly the same configuration on a productive host which has a truly signed certificate (a "real" CA) TLSRSACertificateFile /path/server.pem TLSRSACertificateKeyFile /path/server.key TLSCACertificateFile /path/pr_TC_Class_3_L1_CA_V.pem but we have exactly the same problem: with old clients (filezilla) FTPES does work, with new clients (all of them) FTPES does not work. 3) anyway .. I have tried your suggestion on the test host I am playing with ..... I have followed http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28 and now my TLS conf part looks like: TLSRSACertificateFile /proftp_pkg/conf/testhost.pem TLSRSACertificateKeyFile /proftp_pkg/conf/testhost.key TLSCACertificateFile /proftp_pkg/conf/ca.crt unfortunatelly still I have the same problem: old clients OK, new clients NOT OK You are asking something else: >> How long has this been occurring? What had changed when these explicit >> SSL/TLS issues appeared? The clients have changed ... on the server side nothing has changed! The productive host has not been touched at all since long time. Out of the blue we have realized that there were problems with new filezilla clients. Then we have seen that there were posts about this topic on the net saying that for the proftp version we were running on the prod host ( 1.3.0-19etch2): SSL/TLS session shutdowns on data connections. So we have thought: ok it is only a filezilla problem, we will solve it by upgrading proftp. Now we are preparing such upgrade ... that's why we are playing with it around, and we have realized that even with the new proftp (1.3.3rc3) "new filezilla" has the same problem as before, and that even ALL other new clients have the same problem on both the test host (with new proftp) and the productive host (with the old proftp). What's wrong? Can you help? Simon |
