Ssl

ProFTPD - TLS - 客戶端不支持任何密碼

  • June 30, 2020

我正在執行 Ubuntu Server 20.04 和 proftpd 1.36,並且在設置 TLS 時遇到問題。

我已按照配置文件中的指南進行操作,但出現了一個非常奇怪的錯誤。沒有支持的密碼。然後該過程因握手錯誤而中斷。SSL clienthello 消息包含許多可辨識的密碼,並且在機器上。

TLS 日誌:

2020-06-29 18:16:30,457 mod_tls/2.7[87378]: [stat]: SSL sessions attempted: 0
2020-06-29 18:16:30,457 mod_tls/2.7[87378]: [stat]: SSL sessions established: 0
2020-06-29 18:16:30,457 mod_tls/2.7[87378]: [stat]: SSL sessions renegotiated: 0
2020-06-29 18:16:30,457 mod_tls/2.7[87378]: [stat]: SSL sessions resumed: 0
2020-06-29 18:16:30,457 mod_tls/2.7[87378]: [stat]: SSL sessions in cache: 0
2020-06-29 18:16:30,457 mod_tls/2.7[87378]: [stat]: SSL session cache hits: 0
2020-06-29 18:16:30,457 mod_tls/2.7[87378]: [stat]: SSL session cache misses: 0
2020-06-29 18:16:30,457 mod_tls/2.7[87378]: [stat]: SSL session cache timeouts: 0
2020-06-29 18:16:30,457 mod_tls/2.7[87378]: [stat]: SSL session cache size exceeded: 0
2020-06-29 18:16:35,242 mod_tls/2.7[87910]: TLSOption EnableDiags enabled, setting diagnostics callback
2020-06-29 18:16:35,245 mod_tls/2.7[87910]: error initializing OpenSSL context for this session
2020-06-29 18:16:35,247 mod_tls/2.7[87910]: TLS/TLS-C requested, starting TLS handshake
2020-06-29 18:16:35,247 mod_tls/2.7[87910]: [info] (unknown): before SSL initialization
2020-06-29 18:16:35,247 mod_tls/2.7[87910]: [info] accepting: before SSL initialization
2020-06-29 18:16:35,247 mod_tls/2.7[87910]: [info] accepting: before SSL initialization
2020-06-29 18:16:35,255 mod_tls/2.7[87910]: [msg] received protocol record message (5 bytes)
2020-06-29 18:16:35,255 mod_tls/2.7[87910]: [info] accepting: before SSL initialization
2020-06-29 18:16:35,255 mod_tls/2.7[87910]: [msg] received TLSv1.3 'ClientHello' Handshake message (368 bytes)
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [msg]
ClientHello:
 client_version = TLS 1.2
 random:
   gmt_unix_time = Thu Oct 20 14:46:18 1904 (not guaranteed to be accurate)
   random_bytes (28 bytes)
     5820ebe66e5afa9ec7d9cfc5d69fd7b97698ba054091bd338c918587
 session_id (0 bytes)
 cipher_suites (58 bytes)
   TLS_AES_256_GCM_SHA384
   TLS_CHACHA20_POLY1305_SHA256
   TLS_AES_128_GCM_SHA256
   [unknown/unsupported]
   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
   [unknown/unsupported]
   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
   [unknown/unsupported]
   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
   [unknown/unsupported]
   TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
   [unknown/unsupported]

   TLS_RSA_WITH_AES_256_CBC_SHA
   [unknown/unsupported]
   TLS_RSA_WITH_AES_128_GCM_SHA256
   TLS_RSA_WITH_AES_128_CBC_SHA
   [unknown/unsupported]
   TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
   [unknown/unsupported]
   TLS_DHE_RSA_WITH_AES_256_CBC_SHA
   [unknown/unsupported]
   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
   TLS_DHE_RSA_WITH_AES_128_CBC_SHA
   [unknown/unsupported]
 compression_methods (1 byte)
   None
 extensions (265 bytes)
   extension_type = status_request (5 bytes)
   extension_type = elliptic_curves (22 bytes)
   extension_type = ec_point_formats (2 bytes)
   extension_type = signature_algorithms (34 bytes)
   extension_type = encrypt_then_mac (0 bytes)
   extension_type = extended_master_secret (0 bytes)
   extension_type = session_ticket (0 bytes)
   extension_type = key_share (139 bytes)
   extension_type = supported_versions (9 bytes)
   extension_type = renegotiate (1 byte)
   extension_type = psk_kex_modes (3 bytes)
   extension_type = [unknown/unsupported] (2 bytes)

2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [msg] sent protocol record message (5 bytes)
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [msg] sent TLSv1.2 fatal 'handshake_failure' Alert message (2 bytes)
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [info] writing: SSL/TLS alert fatal: handshake failure
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [info] accepting: error
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: unable to accept TLS connection: protocol error:
 (1) error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: unable to accept TLS connection: client does not support any cipher from 'TLSCipherSuite DEFAULT:!ADH:!EXPORT:!DES' (see `openssl ciphers DE>
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: TLS/TLS-C negotiation failed on control channel
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [stat]: SSL sessions attempted: 1
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [stat]: SSL sessions established: 0
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [stat]: SSL sessions renegotiated: 0
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [stat]: SSL sessions resumed: 0
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [stat]: SSL sessions in cache: 0
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [stat]: SSL session cache hits: 0
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [stat]: SSL session cache misses: 0
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [stat]: SSL session cache timeouts: 0
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [stat]: SSL session cache size exceeded: 0

openssl 的輸出

openssl ciphers -v 'DEFAULT:!ADH:!EXPORT:!DES'
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
PSK-AES256-GCM-SHA384   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(256) Mac=AEAD
PSK-CHACHA20-POLY1305   TLSv1.2 Kx=PSK      Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=AESGCM(128) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256   TLSv1.2 Kx=PSK      Au=PSK  Enc=AESGCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(256)  Mac=SHA384
ECDHE-PSK-AES256-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(256)  Mac=SHA1
SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(256)  Mac=SHA1
SRP-AES-256-CBC-SHA     SSLv3 Kx=SRP      Au=SRP  Enc=AES(256)  Mac=SHA1
RSA-PSK-AES256-CBC-SHA384 TLSv1 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA384
DHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=DHEPSK   Au=PSK  Enc=AES(256)  Mac=SHA384
RSA-PSK-AES256-CBC-SHA  SSLv3 Kx=RSAPSK   Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-PSK-AES256-CBC-SHA  SSLv3 Kx=DHEPSK   Au=PSK  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
PSK-AES256-CBC-SHA384   TLSv1 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA384
PSK-AES256-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA1
ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(128)  Mac=SHA256
ECDHE-PSK-AES128-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK  Enc=AES(128)  Mac=SHA1
SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(128)  Mac=SHA1
SRP-AES-128-CBC-SHA     SSLv3 Kx=SRP      Au=SRP  Enc=AES(128)  Mac=SHA1
RSA-PSK-AES128-CBC-SHA256 TLSv1 Kx=RSAPSK   Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK   Au=PSK  Enc=AES(128)  Mac=SHA256
RSA-PSK-AES128-CBC-SHA  SSLv3 Kx=RSAPSK   Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-PSK-AES128-CBC-SHA  SSLv3 Kx=DHEPSK   Au=PSK  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
PSK-AES128-CBC-SHA256   TLSv1 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA256
PSK-AES128-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA1

如您所見,有很多匹配的密碼。那為什麼我會收到這個錯誤?

———– 獎勵資訊———- 我嘗試將密碼更改為單個密碼,每個密碼,仍然是相同的錯誤。我已經嘗試更改協議,仍然是同樣的錯誤。Google沒有幫助我找到解決方案,所有錯誤似乎都與實際缺少的證書有關,或者不相關。為了完成,proftpd tls 配置:

#
# Proftpd sample configuration for FTPS connections.
#
# Note that FTPS impose some limitations in NAT traversing.
# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
# for more information.
#

<IfModule mod_tls.c>
TLSEngine                               on
TLSLog                                  /var/log/proftpd/tls.log
TLSProtocol                             SSLv23
#
# Server SSL certificate. You can generate a self-signed certificate using 
# a command like:
#
# openssl req -x509 -newkey rsa:1024 \
#          -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \
#          -nodes -days 365
#
# The proftpd.key file must be readable by root only. The other file can be
# readable by anyone.
#
# chmod 0600 /etc/ssl/private/proftpd.key 
# chmod 0640 /etc/ssl/private/proftpd.key
# 
TLSRSACertificateFile                   /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile                /etc/ssl/private/proftpd.key
#
# CA the server trusts...
#TLSCACertificateFile            /etc/ssl/certs/CA.pem
# ...or avoid CA cert and be verbose
TLSOptions                      NoCertRequest EnableDiags 
# ... or the same with relaxed session use for some clients (e.g. FireFtp)
#TLSOptions                      NoCertRequest EnableDiags NoSessionReuseRequired
#
#
# Per default drop connection if client tries to start a renegotiate
# This is a fix for CVE-2009-3555 but could break some clients.
#
#TLSOptions                             AllowClientRenegotiations
#
# Authenticate clients that want to use FTP over TLS?
#
#TLSVerifyClient                         off
#
# Are clients required to use FTP over TLS when talking to this server?
#
TLSRequired                             auth
#
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations.  Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
#
#TLSRenegotiate                          required off
</IfModule>

好的,所以很偶然,我遇到了其他人對 openssl 有問題,並發現在較新的版本中,推薦的密鑰大小設置為 2048 位,而不是 proftpd 指南中建議的 1024。我嘗試使用 2048 位生成新密鑰,現在握手似乎起作用了!然而,數據連接失敗,但這可能是一個不同的問題。

編輯:數據連接只是重用問題。

看起來你TLSProtocol的設置不正確。最壞的情況應該是:

TLSProtocol TLSv1 TLSv1.1 TLSv1.2

不應啟用 SSLv2 或 3。

引用自:https://serverfault.com/questions/1023381