HPE Community
Operating System - HP-UX
1821051 Members
2857 Online
109631 Solutions
New Discussion

can't get ftps server to connect with TLSv1.2

 
SOLVED
Go to solution
Riverarp_68
Visitor

‎09-20-2018 07:26 AM

‎09-20-2018 07:26 AM

can't get ftps server to connect with TLSv1.2

I am trying to get our ftps server to connect with TLSv1.2.  I have updated the oppenssl on our hp ux server to 1.0.1s.  I verified that TLSv1.2 is now available using the command openssl s_client -connect google.com:443 -tls1_2.   But the ftps server will only connect at TLSv1.0.  

If I try to connect using anything higher than 1.0, I get a TLS connect: error in SSLv2/v3 read server hello A buy my client and the syslog.log on the HP-ux server shows SSL_accept(): (5) error:00000000:lib(0):func(0):reason(0)

I have tried different cipher= options in the tls.conf file, but nothing seems to work.   I feel like I am missing a step or a configuration file somewhere.

Let me know what sugguestions you might have.  Thanks. 

0 Kudos
Reply
5 REPLIES 5
Mani_Np
HPE Pro

‎09-23-2018 11:14 PM

‎09-23-2018 11:14 PM

Re: can't get ftps server to connect with TLSv1.2

For Configuring a WU-FTPD TLS Server and an FTP Client refer page 14 and 15 of WU-FTPD 2.6.1 release notes

Regards,
Manikandan

I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Riverarp_68
Visitor

‎09-24-2018 06:55 AM

‎09-24-2018 06:55 AM

Re: can't get ftps server to connect with TLSv1.2

I have seen these instructions and I believe I have it all setup correctly.  I have the inetd.conf statement as

ftps          stream tcp6 nowait root /usr/lbin/ftpd   ftpd -l -v -i -o -z config=/etc/ftpd/security/tls.conf -z usetls

I have the tls.conf file with I believe are the correct settings of

usetls
tlsdata
tlsonly
debug=1
cipher=ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH
CAfile=/etc/ftpd/security/xxx_base64.pem
rsacert=/etc/ftpd/security/xxx_base64_cer.pem
rsakey=/etc/ftpd/security/xxxkey.pem

the server is running and I can connect, but only at tlsv1  and nothing higher.   but again  I have verified that with the openSSL update that I do have TLSv1.2 available.   So I just can't seem to get the ftps server to use the higher version.

0 Kudos
Reply
Riverarp_68
Visitor

‎09-24-2018 07:25 AM

‎09-24-2018 07:25 AM

Re: can't get ftps server to connect with TLSv1.2

Ok so reviewing the instructions, I have the WU-FTPD 2.6.1 installed, but I don't think I have the ftp-ssl-ncf FTP TLS enhancement software installed.    So that might be the issue.   can you point me in how to get this software?

0 Kudos
Reply
Riverarp_68
Visitor

‎09-24-2018 08:38 AM

‎09-24-2018 08:38 AM

Re: can't get ftps server to connect with TLSv1.2

disregard the previous post regarding needing ftp-ssl-ncf FTP TLS enhancement software

I have HP-UX 11i v3 and the software should be included....so I am back to having no idea what is wrong.

0 Kudos
Reply
Riverarp_68
Visitor

‎09-24-2018 12:45 PM

‎09-24-2018 12:45 PM

Solution

Re: can't get ftps server to connect with TLSv1.2

I found the problem.  I had been seeing in my log the ftp server version of 2.6.1 so I thought it was the updated version.  I did not realize there was a revision number and I had Revision 9.  Looking through the release notes I found that version 10 had something to do with a new openssl.  I updated to the latest version of the ftp server revsion 12 and it started to work correctly.

Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.