SSL/TLS for FTP connections

Greetings!

I have CentOS and VSFTPD installed.

I want to use FTP for only SSL/TLS connection type.
I have generated a certificate, loaded the necessary module for iptables, opened ports, and configured VSFTPD, but I get this error:
GnuTLS error -8: A record packet with illegal version was received.

I tried out these articles but nothing helped:
http://www.bfccomputing.com/vsftpd-configuration-for-tls-and-passive-mode/
http://blogs.reliablepenguin.com/2012/03/08/passive-mode-ftp-with-iptables

Thanks for suggestion!
celjan79 Asked:

Daniel Helgenberger Commented:
At first glance this seems to be a client-side problem. Please elaborate on how you connect to the server.

If so, you need to enable SSL after making the connection:
$ lftp -e 'set ftp:ssl-force true' yourserver



This might also help:
https://forum.filezilla-project.org/viewtopic.php?f=6&t=16463

For the config:
http://www.cyberciti.biz/tips/configure-vsfptd-secure-connections-via-ssl-tls.html
0
celjan79 (Author) Commented:
helge000: I know the articles from your URLs. I have read them before and they did not change my problem.
Yes, I connect with FileZilla to the server over the internet. I only allow SSL connections.
0
Daniel Helgenberger Commented:
Does the lftp command show the same error?
To debug this, please try from your client computer:
telnet yourserver 21
openssl s_client -connect yourserver:21
gnutls-cli -p 21 yourserver


Are one or all of those working (e.g. are you getting some useful output)?

Also, it might help if you post part of your vsftpd config.
0
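Added example, not part of the thread and not code from the poster or from vsftpd: it shows what the clients named above (FileZilla's GnuTLS, lftp, openssl s_client) actually do with the first bytes they read from port 21, and the control-channel exchange that explicit FTPS requires before TLS can start. The fake server, its banner text and the 530 reply are constructed for the demo and run over a socketpair, so nothing touches the network; the function and variable names are mine.

```python
import socket
import struct
import threading

# TLS record-layer header is <content type:1><version:2><length:2>.  These are the
# values a client will accept in the version field; anything else produces errors
# such as GnuTLS "A record packet with illegal version was received"
# (GNUTLS_E_UNSUPPORTED_VERSION_PACKET, -8) or OpenSSL s_client's "unknown protocol".
TLS_RECORD_VERSIONS = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data


def inspect_first_bytes(data: bytes) -> dict:
    """Decode the first 5 bytes from a socket the way a TLS client would.

    If the peer is really speaking plaintext FTP, e.g. '220 (vsFTPd 2.2.2)', the
    'version' field is the ASCII of '20' (0x3230): an illegal record version.
    """
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    content_type = data[0]
    version = struct.unpack("!H", data[1:3])[0]
    is_tls = content_type in TLS_CONTENT_TYPES and version in TLS_RECORD_VERSIONS
    ftp_reply = None
    if data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        ftp_reply = data[:3].decode("ascii")
    return {"record_version": version, "is_tls": is_tls, "ftp_reply": ftp_reply}


def _read_reply(sock: socket.socket) -> str:
    """Read one single-line FTP reply (enough for the banner and the AUTH answer)."""
    buf = b""
    while not buf.endswith(b"\r\n"):
        chunk = sock.recv(1024)
        if not chunk:
            raise ConnectionError("control connection closed")
        buf += chunk
    return buf.decode("ascii").rstrip("\r\n")


def explicit_ftps_preamble(sock: socket.socket) -> tuple:
    """Client side of the explicit FTPS preamble (RFC 4217): 220 -> AUTH TLS -> 234.

    Returns (ok, transcript).  Only when ok is True may the caller start TLS on the
    same socket, e.g. ssl.create_default_context().wrap_socket(sock, server_hostname=host).
    Sending a ClientHello before the 234 is what makes a client read '220 ...' as a
    TLS record.
    """
    transcript = []
    banner = _read_reply(sock)
    transcript.append("S: " + banner)
    if not banner.startswith("220"):
        return False, transcript
    sock.sendall(b"AUTH TLS\r\n")
    transcript.append("C: AUTH TLS")
    reply = _read_reply(sock)
    transcript.append("S: " + reply)
    return reply.startswith("234"), transcript


def fake_vsftpd(sock: socket.socket, ssl_enabled: bool) -> None:
    """Constructed stand-in for the plaintext part of a vsftpd control channel.

    With ssl_enable=YES the server answers AUTH TLS with 234; with SSL off it
    rejects the command (530 reply text is constructed for this demo).
    """
    sock.sendall(b"220 (vsFTPd 2.2.2)\r\n")
    cmd = sock.recv(1024).strip().upper()
    if cmd == b"AUTH TLS" and ssl_enabled:
        sock.sendall(b"234 Proceed with negotiation.\r\n")
    else:
        sock.sendall(b"530 Please login with USER and PASS.\r\n")
    sock.close()


def run_demo(ssl_enabled: bool = True) -> tuple:
    """Run the client preamble against the fake server over a socketpair (no network)."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=fake_vsftpd, args=(server, ssl_enabled))
    worker.start()
    try:
        return explicit_ftps_preamble(client)
    finally:
        client.close()
        worker.join()


if __name__ == "__main__":
    print(inspect_first_bytes(b"220 (vsFTPd 2.2.2)\r\n"))
    print(run_demo(True))
    print(run_demo(False))
```

To use explicit_ftps_preamble against a real server, open a TCP socket to port 21, call it, and wrap the socket with ssl only when ok is True. The equivalent manual checks are `openssl s_client -connect yourserver:21 -starttls ftp` for explicit FTPS (the command without `-starttls ftp` reads the plaintext banner and reports "unknown protocol", as in the output posted below) and `openssl s_client -connect yourserver:990` for implicit FTPS, where TLS starts immediately.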
celjan79 (Author) Commented:
# openssl s_client -connect localhost:21
CONNECTED(00000003)
140051988035400:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:699:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 112 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

Seems like I have problem with certificate? :S
0
Daniel Helgenberger Commented:
No, all seems to be fine.
Did you try lftp?
lftp -e 'set ftp:ssl-force true' secureftp-test.com
lftp secureftp-test.com:~>



Do this with your server.
And: Are you sure you use FTPS and not SFTP?
0
celjan79 (Author) Commented:
helge000: I tried your command. There was no error.

Hmm, what's the difference between FTPS and SFTP? I use the implicit FTP over SSL option in FileZilla.

This is part of the conf file for VSFTPD:
tcp_wrappers=YES
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
# Select which SSL ciphers vsftpd will allow for encrypted SSL connections (required by FileZilla)
ssl_ciphers=HIGH
rsa_cert_file=/etc/vsftpd/ssl/vsftpd.pem
pasv_min_port=50000
pasv_max_port=50064
0
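Added example, not the poster's config and not taken from the vsftpd project: the options posted above (ssl_enable=YES with no implicit_ssl line) make vsftpd serve explicit FTPS, i.e. a plaintext 220 banner on port 21 that is upgraded only after AUTH TLS. The FileZilla option named in the post, implicit FTP over SSL, instead starts TLS the moment the TCP connection opens and uses port 990 by default. The two fragments below show the server-side setting for each mode so the client mode and the listener can be matched; option names are from vsftpd.conf(5), the certificate path is the one from the post, and this is a configuration check, not a claim about what was wrong on the poster's server.

```ini
# Fragment A: explicit FTPS (AUTH TLS on port 21), which is what the posted
# config already does.  Matching FileZilla mode: "Require explicit FTP over TLS".
# Manual check:  openssl s_client -connect yourserver:21 -starttls ftp
ssl_enable=YES
# implicit_ssl defaults to NO; listed here only for contrast with fragment B.
implicit_ssl=NO
listen_port=21
force_local_logins_ssl=YES
force_local_data_ssl=YES
allow_anon_ssl=NO
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
ssl_ciphers=HIGH
# vsftpd expects the private key in rsa_cert_file unless rsa_private_key_file
# is set; the file must be readable by the user vsftpd runs its listener as.
rsa_cert_file=/etc/vsftpd/ssl/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/ssl/vsftpd.pem
# Passive data connections use this range; the firewall must allow it, and by
# default (require_ssl_reuse=YES) the data connection must reuse the control
# channel's TLS session.  A client that cannot do that logs in fine and then
# fails on LIST/dir, so test a directory listing, not just the login.
pasv_min_port=50000
pasv_max_port=50064
require_ssl_reuse=YES
# While troubleshooting, log every command and every TLS event.
log_ftp_protocol=YES
debug_ssl=YES

# Fragment B: implicit FTPS, TLS starts immediately and there is no plaintext
# banner.  This is the mode FileZilla's "implicit FTP over TLS" option speaks,
# on port 990 by default.  Manual check:  openssl s_client -connect yourserver:990
# A client in implicit mode pointed at the port-21 listener from fragment A reads
# the plaintext "220" banner as a TLS record and reports an illegal record version.
# Use these two lines instead of the implicit_ssl/listen_port lines above.
implicit_ssl=YES
listen_port=990
```

vsftpd does not accept trailing comments on an option line, so keep comments on lines of their own as above. Pick one fragment per listener: a single vsftpd instance listens on one port, so serving both modes means two instances with two config files.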
Daniel Helgenberger Commented:
To be clear, you were able to connect to your server using lftp?
If so, there is a misconfig in FileZilla (?)

You are using FTPS, not SFTP. SFTP is completely different: it is FTP via SSH using port 22, while your config is FTPS.
0
celjan79 (Author) Commented:
When I use the "dir" command when connected with LFTP to localhost I get this error:
Fatal error: gnutls_record_recv: A record packet with illegal version was received.
0

celjan79 (Author) Commented:
There was a problem with debugging in VSFTPD. It seems that VSFTPD does not show everything. So I had permission problems. You can read more at this URL:
http://ramblings.linkerror.com/?p=45
0