Filezilla client and VSFTPD: GnuTLS error -12: A TLS fatal alert has been received

  • January 30, 2016

So right now I'm trying to configure a vsftpd server for FTP(e)S. It seems I'm running into problems with different clients. Secure FTPD works fine for me. Filezilla does not.

Output from Filezilla

Status: Connecting to foo:21...
Status: Connection established, waiting for welcome message...
Trace:  CFtpControlSocket::OnReceive() 
Response:   220 "Welcome to FTP!"
Trace:  CFtpControlSocket::SendNextCommand()
Command:    AUTH TLS
Trace:  CFtpControlSocket::OnReceive()
Response:   234 Proceed with negotiation.
Status: Initializing TLS...
Trace:  CTlsSocket::Handshake()
Trace:  CTlsSocket::ContinueHandshake()
Trace:  CTlsSocket::OnSend()
Trace:  CTlsSocket::OnRead()
Trace:  CTlsSocket::ContinueHandshake()
Trace:  CTlsSocket::Failure(-12, 53)
Trace:  GnuTLS alert 40: Handshake failed
Error:  GnuTLS error -12: A TLS fatal alert has been received.

Pasted from vsftpd:

# Could be whatever you like, or 990 if you want to use the now-deprecated ftps port.
listen_port=21

# Limit passive ports to this range to assist firewalling
pasv_min_port=30000
pasv_max_port=30003

# May be needed to help packets through some NAT/firewall setups. The address
# is the external ip of the machine, assuming it is a static one.
pasv_address= "foo" ---> we NAT everything so this has the EXTERNAL IP

# Set to ssl_enable=YES if you want to enable SSL
ssl_enable=YES
anon_mkdir_write_enable=NO
anon_root=/srv/ftp
anon_upload_enable=NO
idle_session_timeout=900
log_ftp_protocol=YES
pasv_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES

# Path to the certificate and key files (which should be the same file)
rsa_cert_file=/etc/vsftpd2.pem
rsa_private_key_file=/etc/vsftpd2.pem

# No ssl for bad boys
#allow_anon_ssl=NO

# All local logins (i.e. non-anonymous) are forced to use ssl.
force_local_data_ssl=NO
#force_local_logins_ssl=YES
#dsa_cert_file=/etc/vsftpd.pem
require_ssl_reuse=NO

So the question is: what is going wrong here? By the way: I'm also not entirely sure what the difference between ftps and ftpEs is.

Thanks

OK, found it. Apparently there is some strange behaviour between the latest Filezilla 3.5 client and ftps.

For vsftpd, the solution is just to add this to the vsftpd.conf file: ssl_ciphers=HIGH

I'm not sure whether I'm allowed to post this as well, but there is a thread about this in the Filezilla forum.

http://forum.filezilla-project.org/viewtopic.php?f=2&t=23280

If chroot_local_user=yes is used, ssl_ciphers=HIGH will not work.

Quoted from: https://serverfault.com/questions/385286
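An added example, not part of the original thread: a small audit of the TLS directives in a vsftpd.conf that reports what the server will accept when ssl_ciphers is missing, which is the state of the configuration pasted in the question. It assumes, per vsftpd.conf(5), that an unset ssl_ciphers defaults to DES-CBC3-SHA; the function names, marker list and sample text are constructed for illustration.

```python
# Assumption: default taken from vsftpd.conf(5); a client that offers none of
# the server's suites receives handshake_failure (TLS alert 40).
VSFTPD_DEFAULT_CIPHERS = "DES-CBC3-SHA"
WEAK_MARKERS = ("DES", "RC4", "NULL", "EXP", "MD5")  # illustrative list

# Constructed sample modelled on the TLS directives pasted in the question.
SAMPLE_CONF = """\
# Set to ssl_enable=YES if you want to enable SSL
ssl_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
rsa_cert_file=/etc/vsftpd2.pem
require_ssl_reuse=NO
"""

def parse_conf(text):
    """Return {directive: value}; vsftpd allows no spaces around '='."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key] = value
    return conf

def audit_tls(text):
    """Return findings that can explain a failed FTPS handshake."""
    conf = parse_conf(text)
    if conf.get("ssl_enable", "NO").upper() != "YES":
        return ["ssl_enable is not YES: AUTH TLS is refused"]
    findings = []
    ciphers = conf.get("ssl_ciphers", VSFTPD_DEFAULT_CIPHERS)
    if "ssl_ciphers" not in conf:
        findings.append("ssl_ciphers unset: only " + ciphers + " is accepted")
    for token in ciphers.split(":"):
        if token[:1] in ("!", "-"):  # exclusions remove suites, skip them
            continue
        if any(marker in token.upper() for marker in WEAK_MARKERS):
            findings.append("legacy suite enabled: " + token)
    for proto in ("ssl_sslv2", "ssl_sslv3"):
        if conf.get(proto, "NO").upper() == "YES":
            findings.append(proto + "=YES enables a broken protocol version")
    return findings

if __name__ == "__main__":
    for finding in audit_tls(SAMPLE_CONF):
        print(finding)
```

On the sample it reports the missing directive and the single 3DES suite; appending ssl_ciphers=HIGH, the fix from the answer, clears both findings.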