fa21200
This commit causes compile error on Debian 9, removing it compiles ok. Error below:
libpureftpd.a(libpureftpd_a-tls.o): In function `tls_init_options':
/pure-ftpd-1.0.50/src/tls.c:329: undefined reference to `SSL_CTX_set_num_tickets'
collect2: error: ld returned 1 exit status
Makefile:830: recipe for target 'pure-ftpd' failed
make[2]: *** [pure-ftpd] Error 1
OpenSSL 1.1.0l 10 Sep 2019
@novafire99 SSL_CTX_set_num_tickets() was added in OpenSSL 1.1.1
Thank you for the reply. Would be nice if there was some kind of conditional compile to detect if it has an older version and exclude the call. There are still many OSes that have 1.1.0 that are not EOL yet. And it would be good so that systems can be kept updated till then, even if they won't be able to use newer protocols.
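The version guard requested in the comment above, as an added example that is not pure-ftpd's code and not the content of any commit referenced in this thread: it encodes the OpenSSL release strings quoted here into the pre-3.0 `OPENSSL_VERSION_NUMBER` layout and shows the `#if` comparison that skips the call on 1.1.0. The names `encode_openssl_version`, `has_set_num_tickets` and `set_ticket_count` are hypothetical.

```c
#include <string.h>

/* Pre-3.0 OpenSSL packs its version as 0xMNNFFPPS: major, minor, fix,
 * patch letter (a = 1, b = 2, ...), status nibble (0xf = release). */
#define NUM_TICKETS_MIN_VERSION 0x10101000UL /* 1.1.1, as stated in the thread */

/* Encode a release string such as "1.1.0l" into that layout. Accepts
 * single-digit components and one optional patch letter; returns 0 otherwise. */
unsigned long encode_openssl_version(const char *s)
{
    unsigned long patch = 0;
    size_t len = s ? strlen(s) : 0;

    if (len < 5 || len > 6 || s[1] != '.' || s[3] != '.') return 0;
    for (int i = 0; i <= 4; i += 2)
        if (s[i] < '0' || s[i] > '9') return 0;
    if (len == 6) {
        if (s[5] < 'a' || s[5] > 'z') return 0;
        patch = (unsigned long)(s[5] - 'a' + 1);
    }
    return ((unsigned long)(s[0] - '0') << 28) | ((unsigned long)(s[2] - '0') << 20) |
           ((unsigned long)(s[4] - '0') << 12) | (patch << 4) | 0xfUL;
}

/* Runtime form of the check: is SSL_CTX_set_num_tickets() declared and linkable? */
int has_set_num_tickets(unsigned long version)
{
    return version >= NUM_TICKETS_MIN_VERSION;
}

/* The same comparison done by the preprocessor. This part is compiled only
 * when <openssl/ssl.h> has been included above this point. */
#ifdef OPENSSL_VERSION_NUMBER
static int set_ticket_count(SSL_CTX *ctx, size_t n)
{
# if OPENSSL_VERSION_NUMBER >= 0x10101000L
    return SSL_CTX_set_num_tickets(ctx, n);
# else
    (void) ctx; (void) n; /* symbol absent before 1.1.1: skip the call */
    return 1;             /* nothing to configure, report success */
# endif
}
#endif
```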
@novafire99
51e9dfa
Awesome, thank you. Have a great day.
@jedisct1 We are currently upgrading our infrastructure which also includes a pure-ftpd update to 1.0.50.
Since then, we have a lot of customers complaining about a popup showing up in FileZilla Client saying that the connection is insecure because the server does not support TLS session resumption. This is confusing for a lot of customers.
As far as I understand, TLS session resumption is completely disabled with this commit?
Is there maybe a less-radical way of working around this issue?
It seems that other projects, like proftpd for example, are using different approaches to solve that problem.
@Vringe same here. We use PureFTPd 1.0.50 with OpenSSL 1.1.1k. The last versions of FileZilla show this warning.
For the record: This has been fixed in commit 9f78b98
Can confirm that it works. Thank you :)