SSL/TLS for FTP connections


I have CentOS and VSFTPD installed.

I want to use FTP only with the SSL/TLS connection type.
I have generated a certificate, loaded the necessary module for iptables, opened ports, and configured VSFTPD, but I get this error:
GnuTLS error -8: A record packet with illegal version was received.

I tried out this article but nothing helps:

Thanks for suggestion!
celjan79 (Author) Commented:
When I use the "dir" command when connected with LFTP to localhost, I get this error:
Fatal error: gnutls_record_recv: A record packet with illegal version was received.
Daniel Helgenberger Commented:
At first glance this seems to be a client side problem. Please elaborate how you connect to the server?

If so, you need to enable ssl after making the connection;
$ lftp -e 'set ftp:ssl-force true' yourserver

This might also help:

For the config:
celjan79 (Author) Commented:
helge000: I know the articles from your URL. I have read them before and they did not change my problem.
Yes, I connect with FileZilla to the server over the internet. I only allow SSL connections.
Daniel Helgenberger Commented:
Does the lftp command show the same error?
To debug this, please try from your client computer:
telnet yourserver 21
openssl s_client -connect yourserver:21
gnutls-cli -p 21 yourserver

Is one or all of those working (e.g., are you getting some useful output)?

Also, it might help if you post part of your vsftpd config
celjan79 (Author) Commented:
# openssl s_client -connect localhost:21
140051988035400:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:699:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 112 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

Seems like I have a problem with the certificate? :S
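For context on the s_client output above: without STARTTLS, `openssl s_client` begins a TLS handshake at once, whereas an FTP server in explicit mode on port 21 first sends a plaintext `220` reply. The following is an added example (not part of the thread or any poster's code) showing how such bytes look when a TLS client reads them as a record header, which is the situation behind "unknown protocol" and "illegal version" messages. Function names are hypothetical and the sample bytes are constructed.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def parse_as_tls_record(data: bytes):
    """Read the 5-byte record header (type, version, length) as a TLS client would."""
    if len(data) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a server sends right after the TCP connect."""
    hdr = parse_as_tls_record(data)
    if (hdr and hdr["type"] in TLS_CONTENT_TYPES
            and hdr["version"][0] == 3 and hdr["version"][1] <= 4):
        return "tls"
    # An FTP reply is three ASCII digits followed by a space or hyphen (RFC 959).
    if len(data) >= 4 and data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        return "plaintext-ftp"
    return "unknown"


def explain(data: bytes) -> str:
    """Turn the classification into a hint about which FTPS mode the port expects."""
    kind = classify_first_bytes(data)
    if kind == "tls":
        return "peer speaks TLS immediately (implicit FTPS or a TLS-wrapped port)"
    if kind == "plaintext-ftp":
        hdr = parse_as_tls_record(data)
        return ("plaintext FTP reply; read as a TLS record its version field is "
                "0x%02x%02x, so the client must use explicit mode (AUTH TLS)"
                % hdr["version"])
    return "neither a TLS record nor an FTP reply"


# Constructed samples, not captured from the server discussed in the thread.
SAMPLE_BANNER = b"220 Welcome to FTP service.\r\n"
SAMPLE_TLS = bytes([22, 3, 3, 0, 61]) + b"\x02\x00\x00\x39"  # start of a handshake record

if __name__ == "__main__":
    for sample in (SAMPLE_BANNER, SAMPLE_TLS):
        print(sample[:8], "->", explain(sample))
```

To test explicit FTPS with OpenSSL directly, `openssl s_client -connect yourserver:21 -starttls ftp` performs the AUTH TLS step before the handshake.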
Daniel Helgenberger Commented:
No, all seems to be fine.
Did you try lftp?
lftp -e 'set ftp:ssl-force true'

Do this with your server.
And: Are you sure you use FTPS and not SFTP?
celjan79 (Author) Commented:
helge000: I tried your command. There was no error.

Hmm, what's the difference between FTPS and SFTP? I use the implicit FTP over SSL option in FileZilla.

This is part of conf file for VSFTPD:
# Select which SSL ciphers vsftpd will allow for encrypted SSL connections (required by FileZilla)
Daniel Helgenberger Commented:
To be clear, you were able to connect to your server using lftp?
If so, there is a misconfig in FileZilla (?)

You are using FTPS; not sftp. SFTP is completely different: it is FTP via ssh using port 22 while your config is FTPS.
celjan79 (Author) Commented:
There was a problem with debugging in VSFTPD. It seems that VSFTPD does not show everything. So I had permission problems. You can read more on this URL:
Question has a verified solution.
