- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: ftp stopped working after patches, SSL/TLS ini...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-07-2016 06:30 AM
06-07-2016 06:30 AM
ftp stopped working after patches, SSL/TLS initialization failed
I installed the March 2016 patch bundle and quality pack on my L class running 11.31 and after the rebooted, ssh, sftp, scp and ftp stopped working to a particular box.
ftp xx.xx.xx.xx
WARNING! SSL/TLS initialization failed
WARNING! Continuing in a Fallback mode
ftp: connect: Connection timed out
I am getting these in the ssl log file:
==== Environmental variables dumped - End ====
SSL context initialised
SSL_CTX_use_certificate_file(/etc/ftpd/security/certs/xxxxxx-rsa-crt.pem) error:00000000:lib(0):func(0):reason(0)
~
# etc/ftpd/security/certs:# l
total 128
-r-xr--r-- 1 root sys 461 Sep 15 2009 trust-hash.sh
drwxr-xr-x 2 root sys 8192 Sep 17 2009 saves
-rw-r--r-- 1 bin bin 884 Sep 17 2009 xxx_CA2_ROOT.pem
drwxrwxr-x 3 root sys 8192 Oct 21 2009 .
-rw-r--r-- 1 root sys 3425 Sep 23 2010 cacert.pem
-rw-r--r-- 1 bin bin 887 Sep 23 2010 xxxx-rsa-crt.pem
-rw-r--r-- 1 bin bin 887 Sep 23 2010 xxxx-rsa-key.pem
drwxr-xr-x 3 root sys 8192 May 25 2012 ..
- Tags:
- SSL
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-07-2016 07:49 AM
06-07-2016 07:49 AM
Re: ftp stopped working after patches, SSL/TLS initialization failed
I got root to work with ftp and some user accounts but not others. With two user accounts, I get this when try to run ftp:
however root works perfectly.. and another mortal user.
ERROR! Could not continue the session, failed initializing SSL session context
Ensure that SSL parameters are configured properly.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-07-2016 10:05 AM
06-07-2016 10:05 AM
Re: ftp stopped working after patches, SSL/TLS initialization failed
I haven't had patch access in years, and my SSL expertise is slight,
so I know nothing, but...
> [...] ssh, sftp, scp and ftp stopped working to a particular box.
I may have a guess for the "S" programs, but I'd expect plain-old FTP
to work about as well as ever.
> SSL_CTX_use_certificate_file(/etc/ftpd/security/certs/xxxxxx-rsa-crt.pem)
> error:00000000:lib(0):func(0):reason(0)
Not the most informative error message I've ever seen.
My guess at the problem(s) is that the patch bundle included an
OpenSSL update which disabled some old/insecure algorithm(s), and that
your old certificate(s) used the now-disabled algorithm(s).
My guess at the solution would be that you'd need to generate new
certificates. I'd expect the stuff under "/etc/ftpd/" to affect the FTP
server, but not the "S" programs. Perhaps some other log file would
suggest a culprit certificate file for them.
I'd also expect that the release notes for such a patch bundle would
explain this (or some other such) requirement (if there is one).
But what do I know?