1

I'm trying to configure a FTP proftpd server with TLS in Ubuntu 16.04

I'm using proftpd from the proftpd-basic ubuntu package, which has tls_mod module compiled as shared module:

$ sudo proftpd -vv | grep mod_tls
  mod_tls_memcache/0.1
  mod_tls/2.6

I try to connect from a filezilla FTP client with the option "Use explicit FTP over TLS if available", but I get the following message establishing the connection

Status: Connecting to X.X.X.X:21...
Status: Connection established, waiting for welcome message...
Status: **Insecure server, it does not support FTP over TLS.**
Status: Logged in

I've generated a self-signed certificate

-rw-r--r-- 1 root root 1541 ene  4 20:07 /etc/ssl/certs/proftpd.crt
-rw------- 1 root root 1708 ene  4 20:07 /etc/ssl/private/proftpd.key

and my configuration file has the following directives:

<IfModule mod_tls.c>
    TLSEngine                               on
    TLSLog                                  /var/log/proftpd/tls.log
    TLSProtocol                             SSLv23
    TLSRSACertificateFile                   /etc/ssl/certs/proftpd.crt
    TLSRSACertificateKeyFile                /etc/ssl/private/proftpd.key
    TLSVerifyClient                         off
    TLSRequired                             on
    TLSRenegotiate                          required on
</IfModule>

Is something wrong in my configuration?

EDIT: this is what I see in the proftpd logfile (no sign of TLS)

2017-01-04 20:57:33,981 minimal proftpd[1947] 192.168.1.49 (192.168.1.10[192.168.1.10]): FTP session opened.
2017-01-04 20:57:36,302 minimal proftpd[1947] 192.168.1.49 (192.168.1.10[192.168.1.10]): USER direccion: Login successful.
2
  • Fixed. The user I was connecting with belonged to a Virtualhost and was not affected by the TSL directives in the configuration. I added the Global tag in the conf file and it's working now
    – rodrunner
    Commented Jan 4, 2017 at 20:09
  • Can you post this as an answer? Commented Jan 5, 2017 at 6:50

1 Answer 1

1

The user I was connecting with belonged to a Virtualhost and was not affected by the TSL directives in the configuration. I added the <global> tag in the tls.conf file and it's working now

1
  • I'm sorry, where does the <global> tag go in that file? Can you post the whole config file?
    – afilina
    Commented Oct 6, 2022 at 1:25

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .