Hi Netino,
I've used the CWP script to install TLS on the server.
This is what is written at the end of the pure-ftpd.conf file:
TLS 1
TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3
CertFile /etc/pki/tls/private/hostname.pem
Do I need to change or add something?
Thanks for helping!
The file /etc/pki/tls/private/hostname.pem must be a special file, composed of the private key, the certificate and the intermediate certificates.
Check that (only you can check this).
If it's OK, it seems your TLS configuration doesn't have any problem.
Try checking your /var/log/messages file right after connecting, issuing the following command:
# grep 'pure-ftpd' /var/log/messages | tail -50
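A quick way to verify the layout Netino describes (one private key, the server certificate, then any intermediates in one PEM bundle). This is an added example, not code from the thread or from CWP/pure-ftpd; the embedded PEM is a constructed placeholder standing in for /etc/pki/tls/private/hostname.pem, and the base64 bodies are not real key or certificate data.

```python
import re
from typing import Dict, List

# Constructed sample standing in for /etc/pki/tls/private/hostname.pem.
# The base64 bodies are placeholders, not real key or certificate material.
SAMPLE_PEM = """-----BEGIN PRIVATE KEY-----
UExBQ0VIT0xERVIgUFJJVkFURSBLRVkgQk9EWQ==
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVIgU0VSVkVSIENFUlQgQk9EWQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVIgSU5URVJNRURJQVRFIENFUlQ=
-----END CERTIFICATE-----
"""

# One PEM block: matching BEGIN/END labels with a body in between.
BLOCK_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}


def pem_blocks(text: str) -> List[str]:
    """Return the labels of all PEM blocks in order of appearance."""
    return [m.group(1) for m in BLOCK_RE.finditer(text)]


def check_bundle(text: str) -> Dict[str, object]:
    """Report whether the bundle has the layout a CertFile bundle needs:
    exactly one private key plus at least one certificate (the server
    certificate), with any further CERTIFICATE blocks counted as intermediates."""
    labels = pem_blocks(text)
    keys = [lbl for lbl in labels if lbl in KEY_LABELS]
    certs = [lbl for lbl in labels if lbl == "CERTIFICATE"]
    problems = []
    if len(keys) != 1:
        problems.append(f"expected exactly one private key, found {len(keys)}")
    if not certs:
        problems.append("no CERTIFICATE block found")
    if "ENCRYPTED PRIVATE KEY" in labels:
        problems.append("private key is passphrase-protected; a daemon cannot prompt for it")
    return {"private_keys": len(keys), "certificates": len(certs),
            "intermediates": max(len(certs) - 1, 0),
            "ok": not problems, "problems": problems}


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PEM
    for key, value in check_bundle(data).items():
        print(f"{key}: {value}")
```

Run it as `python check_pem.py /etc/pki/tls/private/hostname.pem` on the server; it only counts block labels, so it never decodes or prints key material.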
Hi Netino, thank you very much for your help.
I've checked and everything seems to be fine with the hostname.pem file.
Also, after trying again, I did what you suggested: grep 'pure-ftpd' /var/log/messages | tail -50
This is what I got:
Mar 18 18:10:31 ip-xxx-xx-xx-xx pure-ftpd: (?@xx.xx.xx.xx) [INFO] testing is now logged in
Mar 18 18:11:48 ip-xxx-xx-xx-xx pure-ftpd: (?@xx.xx.xx.xx) [INFO] New connection from xxx.xx.xx.xx
Mar 18 18:11:49 ip-xxx-xx-xx-xx pure-ftpd: (?@xx.xx.xx.xx) [INFO] TLS: Enabled TLSv1/SSLv3 with ECDHE-RSA-AES256-GCM-SHA384, 256 secret bits cipher
Mar 18 18:11:50 ip-xxx-xx-xx-xx pure-ftpd: (?@xx.xx.xx.xx) [INFO] testing is now logged in
Mar 18 18:12:13 ip-xxx-xx-xx-xx pure-ftpd: (?@xx.xx.xx.xx) [INFO] New connection from xx.xx.xx.xx
Mar 18 18:12:14 ip-xxx-xx-xx-xx pure-ftpd: (?@xx.xx.xx.xx) [INFO] TLS: Enabled TLSv1/SSLv3 with ECDHE-RSA-AES256-GCM-SHA384, 256 secret bits cipher
Mar 18 18:12:14 ip-xxx-xx-xx-xx pure-ftpd: (?@xx.xx.xx.xx) [INFO] testing is now logged in
Still, despite those logs, while using FileZilla I got this:
Status: Connecting to xx.xx.xx.xx:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Status: Server sent passive reply with unroutable address. Using server address instead.
Command: MLSD
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing
Status: Disconnected from server
Status: Connecting to xx.xxx.xx.xx:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Status: Server sent passive reply with unroutable address. Using server address instead.
I'm using an AWS EC2 server. CWP is installed and I can connect perfectly with standard FTP. This is a testing server, and I wanted to try the TLS. I still can't figure out what's going on. I'm forcing FileZilla to connect in Active mode.
Any other ideas?
Thanks!!!