Improve mod_tls log messages for unsupported older TLS protocol requests #1273
Comments
This is certainly unexpected; I'm hoping to have time to reproduce this locally, investigate more deeply over the weekend.
I was diving forums for similar openssl issues and noted that many people suggest to compile openssl enabling sslv3 and then compile proftpd over it.
In the link https://access.redhat.com/articles/3642912 there's a way to set different levels (4) of crypto policy.
Yes; OpenSSL-1.1.x disabled SSLv3 at compile-time; see openssl/openssl#4989. The best that ProFTPD can do, in this situation, is try to provide a better, more indicative log message in the
…protocol versions unsupported by OpenSSL.
Issue #1273: Improve mod_tls log messages when clients request older …
Now, with these changes, the
and, additionally:
to hopefully better indicate that the issue lies in the underlying OpenSSL library.
What I Did
Hi,
on RHEL8 I compiled the latest 1.3.8rc1 proftpd version and set TLSProtocol with SSLv23 (copying a working configuration).
I have issues with old clients using curl getting errors when trying to connect using sslv3.
Client info
RHEL 5.11
Installed openssl version: openssl-0.9.8e-27.el5_10.4
curl cmd (forcing curl to use sslv3)
Error received:
curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
Error in proftpd server tls.log
TLS Section in server proftpd.conf
What I Expected/Wanted
I'm expecting curl client to connect to 1.3.8rc1 proftpd server using sslv3 TLSProtocol, since it can connect to another proftpd server version 1.3.2 (stable) with the following tls configuration:
tls.log successful connection
One thing to note is that "NoCertRequest" tls option is deprecated in version 1.3.8rc1. Could it be the reason curl client isn't able to connect?
Thanks
ProFTPD Version and Configuration
Proftpd 1.3.8rc1
openssl-1.1.1g-15.el8_3.x86_64 installed
proftpd 1.3.2
openssl-0.9.8e-12.el5 installed
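As an added illustration of the diagnosis discussed in this issue (not code from ProFTPD, mod_tls, or any participant in the thread), the following C sketch reads the first bytes of a client's hello, identifies the protocol version it requests, and reports when that version is below what the linked TLS library supports. The function names, the `min_wire` parameter, the message wording and the sample bytes are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed samples (not captures): first 11 bytes of a ClientHello. */
const unsigned char SSLV3_HELLO[] = {
    0x16, 0x03, 0x00, 0x00, 0x2d, 0x01, 0x00, 0x00, 0x29, 0x03, 0x00};
const unsigned char TLS12_HELLO[] = {
    0x16, 0x03, 0x01, 0x00, 0x2d, 0x01, 0x00, 0x00, 0x29, 0x03, 0x03};

/* Version the client asks for, as on the wire, or -1 if not a ClientHello. */
int hello_version(const unsigned char *b, size_t len) {
    /* TLS record type 22, handshake type 1; client_version at offset 9. */
    if (len >= 11 && b[0] == 0x16 && b[1] == 0x03 && b[5] == 0x01)
        return (b[9] << 8) | b[10];
    /* SSLv2-format hello: 2-byte length (high bit set), type 1, version. */
    if (len >= 5 && (b[0] & 0x80) && b[2] == 0x01)
        return (b[3] << 8) | b[4];
    return -1;
}

const char *version_name(int wire) {
    switch (wire) {
    case 0x0002: return "SSLv2";
    case 0x0300: return "SSLv3";
    case 0x0301: return "TLSv1";
    case 0x0302: return "TLSv1.1";
    case 0x0303: return "TLSv1.2 or later"; /* TLSv1.3 also sends 0x0303 here */
    default: return "unknown";
    }
}

/* 1: below min_wire (assumed library minimum); 0: ok; -1: not a hello. */
int explain_hello(const unsigned char *b, size_t len, int min_wire,
                  char *out, size_t outlen) {
    int wire = hello_version(b, len);
    if (wire < 0) {
        snprintf(out, outlen, "not an SSL/TLS ClientHello");
        return -1;
    }
    snprintf(out, outlen, "client requested %s (0x%04x)%s", version_name(wire),
             (unsigned)wire, wire < min_wire ? ": unsupported by TLS library" : "");
    return wire < min_wire;
}

int main(void) {
    char msg[96];
    explain_hello(SSLV3_HELLO, sizeof SSLV3_HELLO, 0x0301, msg, sizeof msg);
    return puts(msg) < 0;
}
```

Passing `0x0301` as `min_wire` models a library built without SSLv3, as described above for OpenSSL-1.1.x.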