
Improve mod_tls log messages for unsupported older TLS protocol requests #1273

Closed
gmaxbass opened this issue Jul 7, 2021 · 5 comments

Comments

@gmaxbass

gmaxbass commented Jul 7, 2021

What I Did

Hi,
On RHEL8 I compiled the latest 1.3.8rc1 proftpd version and set TLSProtocol to SSLv23 (copying a working configuration).
I have issues with old clients using curl getting errors when trying to connect using sslv3.

Client info
RHEL 5.11

openssl ciphers -v | awk '{print $2}' | sort | uniq
SSLv2
SSLv3

Installed openssl version: openssl-0.9.8e-27.el5_10.4

curl cmd (forcing curl to use sslv3)

curl -3 --verbose --ftp-ssl ftp://mysrv:990/ --user 'max' -T uptime.log -k

Error received:

* About to connect() to mysrv port 990
*   Trying 172.22.22.114... connected
* Connected to mysrv (172.22.22.114) port 990
< 220 ftps server
> AUTH SSL
< 234 AUTH SSL successful
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
* Closing connection #0

curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

Error in proftpd server tls.log

2021-07-07 15:39:19,399 mod_tls/2.9.1[3134932]: SSL/TLS-P requested, starting TLS handshake
2021-07-07 15:39:19,406 mod_tls/2.9.1[3134932]: unable to accept TLS connection: protocol error: 
  (1) error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low
2021-07-07 15:39:19,406 mod_tls/2.9.1[3134932]: SSL/TLS-P negotiation failed on control channel

TLS Section in server proftpd.conf

TLSEngine                       on
TLSRequired                     on
TLSLog                          /usr/local/proftpd-ssl-sftp/var/log/tls.log
TLSProtocol                     SSLv23
TLSOptions                      NoSessionReuseRequired

TLSCACertificatePath            /usr/local/proftpd-ssl-sftp/etc/certificates/cadir
TLSRSACertificateFile           /usr/local/proftpd-ssl-sftp/etc/certificates/mysrv.cert
TLSRSACertificateKeyFile        /usr/local/proftpd-ssl-sftp/etc/certificates/mysrv.key
TLSPassPhraseProvider           /usr/local/proftpd-ssl-sftp/etc/startphrase_tls
TLSVerifyClient                 off

What I Expected/Wanted

I'm expecting the curl client to connect to the 1.3.8rc1 proftpd server using the sslv3 TLSProtocol, since it can connect to another proftpd server, version 1.3.2 (stable), with the following tls configuration:

TLSEngine                       on
TLSRequired                     on
TLSLog                          /usr/local/proftpd-ssl/var/log/tls.log
TLSProtocol                     SSLv23
TLSOptions                      NoCertRequest

TLSCACertificatePath            /usr/local/proftpd-ssl/etc/certificates/cadir
TLSRSACertificateFile           /usr/local/proftpd-ssl/etc/certificates/cert.cer
TLSRSACertificateKeyFile        /usr/local/proftpd-ssl/etc/certificates/cert-20.key
TLSPassPhraseProvider           /usr/local/proftpd-ssl/etc/startphrase
TLSVerifyClient                 off

tls.log successful connection

Jul 07 16:11:29 mod_tls/2.2.1[27075]: SSL/TLS-P requested, starting TLS handshake
Jul 07 16:11:29 mod_tls/2.2.1[27075]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES256-SHA (256 bits)
Jul 07 16:11:29 mod_tls/2.2.1[27075]: Protection set to Private
Jul 07 16:11:29 mod_tls/2.2.1[27075]: starting TLS negotiation on data connection
Jul 07 16:11:29 mod_tls/2.2.1[27075]: TLSv1/SSLv3 data connection accepted, using cipher DHE-RSA-AES256-SHA (256 bits)

One thing to note is that the "NoCertRequest" tls option is deprecated in version 1.3.8rc1. Could it be the reason the curl client isn't able to connect?

Thanks

ProFTPD Version and Configuration

Proftpd 1.3.8rc1

Compile-time Settings:
  Version: 1.3.8rc1 (devel)
  Platform: LINUX [Linux 4.18.0-240.15.1.el8_3.x86_64 x86_64]
  Built: Wed Jul 7 2021 10:07:21 CEST
  Built With:
    configure  '--with-modules=mod_ldap:mod_sftp:mod_tls:mod_ident:mod_ifsession' '--enable-openssl' '--with-includes=/usr/include/sodium' '--prefix=/usr/local/proftpd-1.3.8rc1'

  CFLAGS: -g2 -O2 -Wall -fno-omit-frame-pointer -fno-strict-aliasing
  LDFLAGS: -L$(top_srcdir)/lib -L$(top_builddir)/lib  -rdynamic 
  LIBS:  -lssl -lcrypto -lsodium -lssl  -lldap -llber  -lcrypto -lsupp -lcrypt -ldl  -pthread

  Files:
    Configuration File:
      /usr/local/proftpd-1.3.8rc1/etc/proftpd.conf
    Pid File:
      /usr/local/proftpd-1.3.8rc1/var/proftpd.pid
    Scoreboard File:
      /usr/local/proftpd-1.3.8rc1/var/proftpd.scoreboard

  Info:
    + Max supported UID: 4294967295
    + Max supported GID: 4294967295

  Features:
    - Autoshadow support
    - Controls support
    + curses support
    - Developer support
    - DSO support
    + IPv6 support
    + Largefile support
    - Lastlog support
    - Memcache support
    + ncurses support
    - NLS support
    + OpenSSL support (OpenSSL 1.1.1g FIPS  21 Apr 2020, FIPS enabled)
    - PCRE support
    - POSIX ACL support
    - Redis support
    + Sendfile support
    + Shadow file support
    + Sodium support
    + Trace support
    + xattr support

  Tunable Options:
    PR_TUNABLE_BUFFER_SIZE = 1024
    PR_TUNABLE_DEFAULT_RCVBUFSZ = 8192
    PR_TUNABLE_DEFAULT_SNDBUFSZ = 8192
    PR_TUNABLE_ENV_MAX = 2048
    PR_TUNABLE_GLOBBING_MAX_MATCHES = 100000
    PR_TUNABLE_GLOBBING_MAX_RECURSION = 8
    PR_TUNABLE_HASH_TABLE_SIZE = 40
    PR_TUNABLE_LOGIN_MAX = 256
    PR_TUNABLE_NEW_POOL_SIZE = 512
    PR_TUNABLE_PATH_MAX = 4096
    PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
    PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
    PR_TUNABLE_SELECT_TIMEOUT = 30
    PR_TUNABLE_TIMEOUTIDENT = 10
    PR_TUNABLE_TIMEOUTIDLE = 600
    PR_TUNABLE_TIMEOUTLINGER = 10
    PR_TUNABLE_TIMEOUTLOGIN = 300
    PR_TUNABLE_TIMEOUTNOXFER = 300
    PR_TUNABLE_TIMEOUTSTALLED = 3600
    PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10

openssl-1.1.1g-15.el8_3.x86_64 installed

openssl ciphers -v | awk '{print $2}' | sort | uniq
SSLv3
TLSv1
TLSv1.2
TLSv1.3

proftpd 1.3.2

Compile-time Settings:
  Version: 1.3.2 (stable)
  Platform: LINUX
  Built: Fri Jan 15 10:33:18 CET 2010
  Built With:
    configure  '--prefix=/usr/local/proftpd-ssl' '--with-openssl=/usr/local/openssl' '--with-modules=mod_tls:mod_ldap'

  CFLAGS: -O2 -Wall
  LDFLAGS: -L$(top_srcdir)/lib 
  LIBS:  -lssl -lcrypto -L$(top_srcdir)/lib/libcap -lcap  -lldap -llber  -lssl -lcrypto -lsupp -lcrypt 

  Files:
    Configuration File:
      /usr/local/proftpd-ssl/etc/proftpd.conf
    Pid File:
      /usr/local/proftpd-ssl/var/proftpd.pid
    Scoreboard File:
      /usr/local/proftpd-ssl/var/proftpd/proftpd.scoreboard

  Features:
    - Autoshadow support
    - Controls support
    + curses support
    - Developer support
    - DSO support
    + IPv6 support
    + Largefile support
    - Lastlog support
    + ncurses support
    - NLS support
    + OpenSSL support
    - POSIX ACL support
    + Shadow file support
    + Sendfile support
    + Trace support

  Tunable Options:
    PR_TUNABLE_BUFFER_SIZE = 1024
    PR_TUNABLE_GLOBBING_MAX = 8
    PR_TUNABLE_HASH_TABLE_SIZE = 40
    PR_TUNABLE_NEW_POOL_SIZE = 512
    PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
    PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
    PR_TUNABLE_SELECT_TIMEOUT = 30
    PR_TUNABLE_TIMEOUTIDENT = 10
    PR_TUNABLE_TIMEOUTIDLE = 600
    PR_TUNABLE_TIMEOUTLINGER = 30
    PR_TUNABLE_TIMEOUTLOGIN = 300
    PR_TUNABLE_TIMEOUTNOXFER = 300
    PR_TUNABLE_TIMEOUTSTALLED = 3600
    PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10

openssl-0.9.8e-12.el5 installed

openssl ciphers -v | awk '{print $2}' | sort | uniq
SSLv2
SSLv3
@Castaglia Castaglia self-assigned this Jul 14, 2021
@Castaglia
Member

This is certainly unexpected; I'm hoping to have time to reproduce this locally and investigate more deeply over the weekend.

@gmaxbass
Author

I was diving into forums for similar openssl issues and noted that many people suggest compiling openssl with sslv3 enabled and then compiling proftpd on top of it.
It seems that the openssl binaries in RHEL8 are not compiled with sslv3 support even if the SSLv3 cipher is present.
Please take a look at https://access.redhat.com/articles/3642912
I'd like to hear from you a confirmation of my hypothesis.

@gmaxbass
Author

gmaxbass commented Jul 14, 2021

In the link https://access.redhat.com/articles/3642912 there's a way to set four different levels of crypto policy.
With the command "update-crypto-policies --set LEGACY" I was able to enable the TLSv1 protocol.
So it seems SSLv3 was dropped entirely since it is deprecated.

@Castaglia
Member

Yes; OpenSSL-1.1.x disabled SSLv3 at compile-time; see openssl/openssl#4989.

The best that ProFTPD can do, in this situation, is try to provide a better, more indicative log message in the TLSLog for such connections.

@Castaglia Castaglia changed the title TLS connection issues with curl and old tls protocols Improve mod_tls log messages for unsupported older TLS protocol requests Jul 17, 2021
Castaglia added a commit that referenced this issue Jul 17, 2021
Issue #1273: Improve mod_tls log messages when clients request older …
@Castaglia
Member

Now, with these changes, the TLSLog will show the previous log messages:

2021-07-07 15:39:19,406 mod_tls/2.9.1[3134932]: unable to accept TLS connection: protocol error: 
  (1) error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low
2021-07-07 15:39:19,406 mod_tls/2.9.1[3134932]: SSL/TLS-P negotiation failed on control channel

and, additionally:

2021-07-07 15:39:19,406 mod_tls/2.9.1[3134932]: unable to accept TLS connection: OpenSSL <version> lacks support for client requested TLS protocol version: SSL3

to hopefully better indicate that the issue lies in the underlying OpenSSL library.
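As an added example (not part of this thread, and not ProFTPD's own code), a small parser for mod_tls TLSLog records that folds the indented "(1) error:..." continuation line into its record, flags sessions rejected with OpenSSL's "version too low" reason, and picks up the protocol named in the new "lacks support for client requested TLS protocol version" line. The sample log content is constructed from the lines quoted in this issue; the OpenSSL version 1.1.1g substituted for the `<version>` placeholder is an assumption for illustration.

```python
import re
from collections import defaultdict

# Constructed sample TLSLog content, assembled from the line formats quoted in
# this issue (not a real capture). Both the 1.3.8rc1 and the 1.3.2 timestamp
# styles appear; the OpenSSL version in the new-style line is assumed.
SAMPLE_TLS_LOG = """\
2021-07-07 15:39:19,399 mod_tls/2.9.1[3134932]: SSL/TLS-P requested, starting TLS handshake
2021-07-07 15:39:19,406 mod_tls/2.9.1[3134932]: unable to accept TLS connection: protocol error:
  (1) error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low
2021-07-07 15:39:19,406 mod_tls/2.9.1[3134932]: unable to accept TLS connection: OpenSSL 1.1.1g lacks support for client requested TLS protocol version: SSL3
2021-07-07 15:39:19,406 mod_tls/2.9.1[3134932]: SSL/TLS-P negotiation failed on control channel
Jul 07 16:11:29 mod_tls/2.2.1[27075]: SSL/TLS-P requested, starting TLS handshake
Jul 07 16:11:29 mod_tls/2.2.1[27075]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES256-SHA (256 bits)
Jul 07 16:11:29 mod_tls/2.2.1[27075]: TLSv1/SSLv3 data connection accepted, using cipher DHE-RSA-AES256-SHA (256 bits)
"""

# "<timestamp> mod_tls/<module version>[<pid>]: <message>"; the timestamp format differs per release.
HEADER_RE = re.compile(r"^(?P<ts>.+?) mod_tls/(?P<modver>\S+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# OpenSSL's packed error string: error:<8 hex digits>:<library>:<function>:<reason>
OSSL_ERR_RE = re.compile(r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]+):(?P<func>[^:]+):(?P<reason>[^:]+)")
# Control-channel acceptance only; "data connection accepted" has an extra word and will not match.
ACCEPTED_RE = re.compile(r"^(?P<proto>\S+) connection accepted, using cipher (?P<cipher>\S+) \((?P<bits>\d+) bits\)")
UNSUPPORTED_RE = re.compile(r"lacks support for client requested TLS protocol version: (?P<proto>\S+)")


def join_continuations(text):
    """Return logical records: a header line plus any indented continuation lines glued onto it."""
    records = []
    for line in text.splitlines():
        if line[:1].isspace() and records:
            records[-1] += " " + line.strip()
        else:
            records.append(line.rstrip())
    return records


def summarize(text):
    """Map each session pid to how its control-channel TLS handshake ended."""
    sessions = defaultdict(lambda: {"status": "unknown"})
    for rec in join_continuations(text):
        m = HEADER_RE.match(rec)
        if not m:
            continue
        s, msg = sessions[m["pid"]], m["msg"]
        s["mod_tls"] = m["modver"]
        a = ACCEPTED_RE.match(msg)
        if a:
            s.update(status="accepted", proto=a["proto"], cipher=a["cipher"], bits=int(a["bits"]))
        e = OSSL_ERR_RE.search(msg)
        if e and e["reason"].strip() == "version too low":
            s.update(status="rejected", openssl_error=e["code"].upper(),
                     reason="client offered a protocol version below this OpenSSL build's minimum")
        u = UNSUPPORTED_RE.search(msg)
        if u:
            s["requested_proto"] = u["proto"]  # only present with the improved mod_tls message
    return dict(sessions)
```

Run over a real TLSLog, a "rejected" session whose `requested_proto` is SSL3 identifies a legacy client that no TLSProtocol setting can admit on an OpenSSL 1.1.x build.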
