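I spent some time trying to find a solution by searching the web. It didn't help. The story: I have Ubuntu 10.10 (Amazon EC2 instance). ProFTPD version 1.3.2e (the latest via apt-get). I did not change anything on the server or on the FTP clients, but suddenly my clients (FileZilla 3.5.3, TotalCmd) stopped connecting to the server via FTPS.
From the FileZilla log: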
Status: Connecting to 7x.xxx.xxx.xxx:21...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.3.2e Server (XXX) [7x.xxx.xxx.xxx]
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Error: GnuTLS error -9: A TLS packet with unexpected length was received.
Status: Server did not properly shut down TLS connection
Error: Could not connect to server
This is from the ProFTPD tls.log:
May 04 14:28:32 mod_tls/2.2.2[1057]: TLS/TLS-C requested, starting TLS handshake
May 04 14:28:34 mod_tls/2.2.2[1057]: unable to accept TLS connection: received EOF that violates protocol
May 04 14:28:34 mod_tls/2.2.2[1057]: TLS/TLS-C negotiation failed on control channel
ProFTPD TLS configuration:
<IfModule mod_tls.c>
  TLSEngine on
  TLSLog /var/log/proftpd/tls.log
  TLSProtocol SSLv3 TLSv1
  TLSRSACertificateFile /usr/local/apache2/conf/crt/server/srv.crt
  TLSRSACertificateKeyFile /usr/local/apache2/conf/crt/server/srv.nopass.key
  TLSCACertificateFile /usr/local/apache2/conf/crt/ca/ca.crt
  TLSOptions NoCertRequest
  TLSVerifyClient off
  TLSRequired on
</IfModule>
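I verified the clients against ftps:ftp://ftp.secureftp-test.com:990 (a test server for FTPS), and they connect fine. Then I tried adding TLSRenegotiation none and other options I found on the web, with no result. Tried restarting, with no result.
Tried openssl s_client -connect 127.0.0.1:21 -starttls ftp: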
CONNECTED(00000003)
depth=1 /C=...
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
...
Server certificate
-----BEGIN CERTIFICATE-----
MII...
...hC
-----END CERTIFICATE-----
subject=/C...
---
No client certificate CA names sent
---
SSL handshake has read 3615 bytes and written 303 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
  Protocol : TLSv1
  Cipher : DHE-RSA-AES256-SHA
  Session-ID: 5E9090B0AC306334847BEC665D069DD90CED941C23E7911CCFA120DDF2B8E016
  Session-ID-ctx:
  Master-Key: 5708...DCB
  Key-Arg : None
  TLS session ticket:
  0000 - ff 21 19 28 26 0b 21 28-57 29 5a 97 95 58 b5 90 .!.(&.!(W)Z..X..
  ...
  00a0 - 04 7b e0 4b 1c e7 53 d1-3d 8c 5c 19 30 09 c8 b9 .{.K..S.=.\.0...
  Compression: 1 (zlib compression)
  Start Time: 1336143573
  Timeout : 300 (sec)
  Verify return code: 19 (self signed certificate in certificate chain)
---
220 ProFTPD 1.3.2e Server (xxx) [7x.xxx.xxx.xxx]
QUIT
DONE
What else can be done? I want my FTPS back. If there is no exact solution, what is the typical course of action in a similar situation
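An added example, not part of the original post: a small Python triage script that pairs each "starting TLS handshake" line in a mod_tls tls.log with the failure lines logged for the same process ID, and reports the reason and elapsed time for each failed handshake. The PID 1057 lines are the ones quoted above; the PID 1101 line and the year used for timestamp arithmetic are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the PID 1057 lines are quoted in the post; the PID 1101
# line is made up to show a session with no logged failure.
SAMPLE_LOG = """\
May 04 14:28:32 mod_tls/2.2.2[1057]: TLS/TLS-C requested, starting TLS handshake
May 04 14:28:34 mod_tls/2.2.2[1057]: unable to accept TLS connection: received EOF that violates protocol
May 04 14:28:34 mod_tls/2.2.2[1057]: TLS/TLS-C negotiation failed on control channel
May 04 14:30:01 mod_tls/2.2.2[1101]: TLS/TLS-C requested, starting TLS handshake
"""

LINE = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}) mod_tls/[\d.]+\[(\d+)\]: (.*)$")
ASSUMED_YEAR = "2012"  # assumption: the log carries no year; used only for deltas


def failed_handshakes(log_text):
    """Return one record per TLS handshake that mod_tls logged as failed."""
    open_sessions, failures = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a mod_tls line in the expected format
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
        pid, msg = int(m.group(2)), m.group(3)
        if "starting TLS handshake" in msg:
            # A new handshake replaces any stale record (PIDs get reused).
            open_sessions[pid] = {"pid": pid, "start": ts, "reason": None}
        elif msg.startswith("unable to accept TLS connection:"):
            session = open_sessions.setdefault(pid, {"pid": pid, "start": None, "reason": None})
            session["reason"] = msg.split(":", 1)[1].strip()
        elif "negotiation failed" in msg:
            session = open_sessions.pop(pid, {"pid": pid, "start": None, "reason": None})
            start = session.pop("start")
            session["seconds"] = (ts - start).total_seconds() if start else None
            failures.append(session)
    return failures


if __name__ == "__main__":
    for f in failed_handshakes(SAMPLE_LOG):
        print(f"pid={f['pid']} failed after {f['seconds']}s: {f['reason']}")
```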