Centos – Proftpd with TLS not working on CentOS

centos openssl proftpd tls

Since last month's update, Proftpd with TLS is not working anymore on CentOS 5.11 and CentOS 6.7. While trying to connect with the FileZilla client, it gets stuck at "Initializing TLS…"

Installed OpenSSL and proftpd versions on CentOS 5.11:

openssl-0.9.8e-36.0.1.el5_11
proftpd-1.3.3g-4.el5

Installed OpenSSL and proftpd versions on CentOS 6.7:

openssl-1.0.1e-42.el6.x86_64
proftpd-1.3.3g-6.el6.x86_64

Proftpd config file TLS settings:

<IfDefine TLS>
  TLSEngine                     off
  TLSRequired                   off
  TLSRSACertificateFile         /etc/pki/ssl.cert
  TLSRSACertificateKeyFile      /etc/pki/ssl.key
  TLSCACertificateFile          /etc/pki/ssl.ca
  TLSProtocol                   SSLv3 TLSv1
#  TLSCipherSuite               ALL:!ADH:!DES
  TLSOptions                    AllowClientRenegotiations NoSessionReuseRequired
  TLSVerifyClient               off
  #TLSRenegotiate               ctrl 3600 data 512000 required off timeout 300
  TLSLog                        /var/log/proftpd/tls.log
  <IfModule mod_tls_shmcache.c>
    TLSSessionCache             shm:/file=/var/run/proftpd/sesscache
  </IfModule>
</IfDefine>

The certificate used is a CA-signed certificate. I tried with TLSProtocol TLSv1.1 and TLSv1.2, but proftpd is not starting.

I have one CentOS 5.11 box which has OpenSSL version openssl-0.9.8e-34.el5_11 installed, and FTP with TLS is working fine on that box.

I have seen the same issue while trying to connect to some other FTP location which is hosted by other hosting companies.

Thanks.

Best Answer

The latest available version for CentOS (1.3.3g), as Spectre already said, seems to not work correctly with TLS 1.1/1.2.

See the following link for at least some notes about a potential fix for those issues being in version 1.3.5:

http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5a

Quote: TLS 1.1/1.2 configuration now works properly.

So it seems your option is to compile the new version yourself.
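To see which of the protocol versions discussed above a server's explicit FTPS (AUTH TLS) handshake actually completes, and whether it hangs as in the "Initializing TLS…" symptom, the following probe pins one version per attempt. It is an added example, not part of the original question or answer; the function names and the host passed on the command line are assumptions, and certificate verification is disabled because only protocol support is being tested.

```python
import socket
import ssl
import sys

# Versions named in the question; SSLv3 is left out (modern Python/OpenSSL builds lack it).
VERSIONS = {"TLSv1": ssl.TLSVersion.TLSv1, "TLSv1.1": ssl.TLSVersion.TLSv1_1,
            "TLSv1.2": ssl.TLSVersion.TLSv1_2}

def read_reply(f):
    """Read one FTP reply (single- or multi-line) and return (code, text)."""
    line = f.readline().decode("latin-1").rstrip("\r\n")
    if len(line) < 3 or not line[:3].isdigit():
        raise ConnectionError("no FTP reply from server")
    code, lines = line[:3], [line]
    if line[3:4] == "-":                      # multi-line reply: read to "NNN "
        while not line.startswith(code + " "):
            raw = f.readline()
            if not raw:
                raise ConnectionError("connection closed mid-reply")
            line = raw.decode("latin-1").rstrip("\r\n")
            lines.append(line)
    return int(code), "\n".join(lines)

def probe(host, port, name, timeout=10.0):
    """Try AUTH TLS with exactly one protocol version; return a result string."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            f = sock.makefile("rb")
            code, text = read_reply(f)
            if code != 220:
                return f"unexpected banner: {text}"
            sock.sendall(b"AUTH TLS\r\n")
            code, text = read_reply(f)
            if code != 234:
                return f"AUTH TLS refused: {text}"
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE   # probing protocol support, not trust
            ctx.minimum_version = ctx.maximum_version = VERSIONS[name]
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return f"ok: {tls.version()} {tls.cipher()[0]}"
    except (OSError, ValueError) as exc:      # timeouts, resets, handshake errors
        return f"failed: {exc}"

def survey(host, port=21, timeout=10.0):
    return {name: probe(host, port, name, timeout) for name in VERSIONS}

if __name__ == "__main__":
    for name, result in survey(sys.argv[1]).items():
        print(f"{name:8} {result}")
```

A handshake that stalls shows up as `failed: ... timed out` for that version; older protocol versions may also fail locally if the client's own OpenSSL policy disables them.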