Fixed: A TLS fatal alert has been received - Wrong cipher suite ( pro…

…FTPD )

Fixed: Missing NoSessionReuseRequired parameter ( ProFTPD )

CHANGELOG

@@ -8,7 +8,9 @@ CONFIGS
 	Added: Sysctl configuration file for secondary IP promoting ( /etc/sysctl.d/imscp.conf file )
 	Changed: SPF - Email treating level is now set to softfail instead of fail ( bind9 )
 	Fixed: Access to error documents is forbiden in some contexts ( Apache )
+	Fixed: A TLS fatal alert has been received - Wrong cipher suite ( proFTPD )
 	Fixed: Domain aliases and subdomains can't follow sylinks from customer homedir
+	Fixed: Missing NoSessionReuseRequired parameter ( ProFTPD )
 
 BACKEND
 	Fixed: Fcgi wrapper is not created in some contexts ( apache_fcgid )

configs/debian/proftpd/proftpd.conf

@@ -108,9 +108,9 @@ Group                      nogroup
 {SSL}  TLSEngine                on
 {SSL}  TLSRequired              off
 {SSL}  TLSLog                   /var/log/proftpd/ftp_ssl.log
-{SSL}  TLSProtocol              TLSv1
-{SSL}  TLSCipherSuite           HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3
-{SSL}  TLSOptions               NoCertRequest NoSessionReuseRequired
+{SSL}  TLSProtocol              TLSv1 TLSv1.1 TLSv1.2
+{SSL}  TLSCipherSuite           ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
+{SSL}  TLSOptions               {TLSOPTIONS}
 {SSL}  TLSRSACertificateFile    {CONF_DIR}/{CERTIFICATE}.pem
 {SSL}  TLSRSACertificateKeyFile {CONF_DIR}/{CERTIFICATE}.pem
 {SSL}  TLSVerifyClient          off

configs/debian/proftpd/proftpd.data

@@ -1,3 +1,5 @@
+PROFTPD_VERSION =
+
 FTPD_SNAME = proftpd
 FTPD_CONF_FILE = /etc/proftpd/proftpd.conf
 FTP_TRAFF_LOG_PATH = proftpd/ftp_traff.log

configs/ubuntu/proftpd/proftpd.conf

@@ -108,9 +108,9 @@ Group                      nogroup
 {SSL}  TLSEngine                on
 {SSL}  TLSRequired              off
 {SSL}  TLSLog                   /var/log/proftpd/ftp_ssl.log
-{SSL}  TLSProtocol              TLSv1
-{SSL}  TLSCipherSuite           HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3
-{SSL}  TLSOptions               NoCertRequest
+{SSL}  TLSProtocol              TLSv1 TLSv1.1 TLSv1.2
+{SSL}  TLSCipherSuite           ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
+{SSL}  TLSOptions               {TLSOPTIONS}
 {SSL}  TLSRSACertificateFile    {CONF_DIR}/{CERTIFICATE}.pem
 {SSL}  TLSRSACertificateKeyFile {CONF_DIR}/{CERTIFICATE}.pem
 {SSL}  TLSVerifyClient          off

engine/PerlLib/Servers/ftpd/proftpd/installer.pm

@@ -46,6 +46,7 @@ use iMSCP::TemplateParser;
 use iMSCP::EventManager;
 use File::Basename;
 use Servers::ftpd::proftpd;
+use version;
 use parent 'Common::SingletonClass';
 
 =head1 DESCRIPTION
@@ -167,6 +168,9 @@ sub install
 	$rs = $self->_bkpConfFile($self->{'config'}->{'FTPD_CONF_FILE'});
 	return $rs if $rs;
 
+	$rs = $self->_setVersion();
+	return $rs if $rs;
+
 	$rs = $self->_setupDatabase();
 	return $rs if $rs;
 
@@ -267,6 +271,36 @@ sub _bkpConfFile
 	$self->{'eventManager'}->trigger('afterFtpdBkpConfFile', $cfgFile);
 }
 
+=item _setVersion
+
+ Set version
+
+ Return in 0 on success, other on failure
+
+=cut
+
+sub _setVersion
+{
+	my $self = $_[0];
+
+	my ($stdout, $stderr);
+	my $rs = execute("proftpd -v", \$stdout, \$stderr);
+	debug($stdout) if $stdout;
+	error($stderr) if $stderr && $rs;
+	error('Unable to find ProFTPD version') if $rs && ! $stderr;
+	return $rs if $rs;
+
+	if($stdout =~ m%([\d.]+)%) {
+		$self->{'config'}->{'PROFTPD_VERSION'} = $1;
+		debug("ProFTPD version set to: $1");
+	} else {
+		error('Unable to parse ProFTPD version from ProFTPD version string');
+		return 1;
+	}
+
+	0;
+}
+
 =item _setupDatabase()
 
  Setup database
@@ -370,7 +404,9 @@ sub _buildConfigFile
 		FTPD_MIN_GID => $self->{'config'}->{'MIN_GID'},
 		CONF_DIR => $main::imscpConfig{'CONF_DIR'},
 		SSL => (main::setupGetQuestion('SERVICES_SSL_ENABLED') eq 'yes') ? '' : '#',
-		CERTIFICATE => 'imscp_services'
+		CERTIFICATE => 'imscp_services',
+		TLSOPTIONS => (qv("v$self->{'config'}->{'PROFTPD_VERSION'}") >= qv('v1.3.3'))
+			? 'NoCertRequest NoSessionReuseRequired' : 'NoCertRequest'
 	};
 
 	# Load template