From: TJ S. <tj...@ca...> - 2010-01-26 16:27:23
> 2) we have exactly the same configuration on a productive host which has a
> truly signed certificate (a "real" CA)
There's a difference between a signed certificate and a CA, just as
there's a difference between a certificate signing request (CSR) and a
certificate. Using the wrong terminology when describing issues of this
sort makes it harder to understand all of the different things which might
be misconfigured or wrong.
> The clients have changed ... on the server side nothing has changed!
If the changed clients are the ones having the problem, why do you suspect
it's a server issue, rather than being an issue with the clients? What
version of OpenSSL (or GnuTLS, or whatever) are they using?
> What's wrong? Can you help?
More information is needed. You should add the following to your
proftpd.conf, to enable very verbose mod_tls logging:

  TLSOptions EnableDiags

and then provide the generated TLSLog from a failed FTPS connection.
By the way, "FTPES" is an acronym that only FileZilla uses -- and I
*really* wish they wouldn't. That term is specific to FileZilla, and does
not appear in any RFCs which define FTP over SSL/TLS. Everyone else
(other than FileZilla users) talks about implicit (which is deprecated) and
explicit FTPS.
TJ
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To See a World in a Grain of Sand,
And a Heaven in a Wild Flower,
Hold Infinity in the palm of your hand,
And Eternity in an hour.
-William Blake
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~