Networking
cancel
Showing results for 
Search instead for 
Did you mean: 

can't get ftps server to connect with TLSv1.2

 
SOLVED
Go to solution
Riverarp_68
Visitor

can't get ftps server to connect with TLSv1.2

I am trying to get our ftps server to connect with TLSv1.2.  I have updated the oppenssl on our hp ux server to 1.0.1s.  I verified that TLSv1.2 is now available using the command openssl s_client -connect google.com:443 -tls1_2.   But the ftps server will only connect at TLSv1.0.  

If I try to connect using anything higher than 1.0, I get a TLS connect: error in SSLv2/v3 read server hello A buy my client and the syslog.log on the HP-ux server shows SSL_accept(): (5) error:00000000:lib(0):func(0):reason(0)

I have tried different cipher= options in the tls.conf file, but nothing seems to work.   I feel like I am missing a step or a configuration file somewhere.

Let me know what sugguestions you might have.  Thanks. 

5 REPLIES 5
Mani_Np
HPE Pro

Re: can't get ftps server to connect with TLSv1.2

For Configuring a WU-FTPD TLS Server and an FTP Client refer page 14 and 15 of WU-FTPD 2.6.1 release notes


Accept or Kudo
Riverarp_68
Visitor

Re: can't get ftps server to connect with TLSv1.2

I have seen these instructions and I believe I have it all setup correctly.  I have the inetd.conf statement as

ftps          stream tcp6 nowait root /usr/lbin/ftpd   ftpd -l -v -i -o -z config=/etc/ftpd/security/tls.conf -z usetls

I have the tls.conf file with I believe are the correct settings of

usetls
tlsdata
tlsonly
debug=1
cipher=ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH
CAfile=/etc/ftpd/security/xxx_base64.pem
rsacert=/etc/ftpd/security/xxx_base64_cer.pem
rsakey=/etc/ftpd/security/xxxkey.pem

the server is running and I can connect, but only at tlsv1  and nothing higher.   but again  I have verified that with the openSSL update that I do have TLSv1.2 available.   So I just can't seem to get the ftps server to use the higher version.

Riverarp_68
Visitor

Re: can't get ftps server to connect with TLSv1.2

Ok so reviewing the instructions, I have the WU-FTPD 2.6.1 installed, but I don't think I have the ftp-ssl-ncf FTP TLS enhancement software installed.    So that might be the issue.   can you point me in how to get this software?

Riverarp_68
Visitor

Re: can't get ftps server to connect with TLSv1.2

disregard the previous post regarding needing ftp-ssl-ncf FTP TLS enhancement software

I have HP-UX 11i v3 and the software should be included....so I am back to having no idea what is wrong.

Riverarp_68
Visitor
Solution

Re: can't get ftps server to connect with TLSv1.2

I found the problem.  I had been seeing in my log the ftp server version of 2.6.1 so I thought it was the updated version.  I did not realize there was a revision number and I had Revision 9.  Looking through the release notes I found that version 10 had something to do with a new openssl.  I updated to the latest version of the ftp server revsion 12 and it started to work correctly.