SSL issue (Proftpd)

Status
Not open for further replies.
Joined
Aug 27, 2012
Messages
2
Not sure whether to post it in this forum, but it seems like a FreeNAS key issue to me.

I have seen some tickets about this issue. When connecting to ProFTPD, the following error comes up:

Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.3.4a Server (freenas.fiji FTP Server) [::ffff:192.168.2.95]
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Error: GnuTLS error -12: A TLS fatal alert has been received.
Error: Could not connect to server

Then I enabled TLSLog /var/log/proftpd/tls.log in the advanced FTP Auxiliary parameters.

The log file shows the following:
Aug 27 17:27:58 mod_tls/2.4.3[3715]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Aug 27 17:27:58 mod_tls/2.4.3[3715]: error loading TLSRSACertificateKeyFile '/etc/ssl/freenas/CA/private/cakey.key':
(1) error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Aug 27 17:27:58 mod_tls/2.4.3[3715]: error initializing OpenSSL context for this session
Aug 27 17:27:58 mod_tls/2.4.3[3715]: TLS/TLS-C requested, starting TLS handshake
Aug 27 17:27:58 mod_tls/2.4.3[3715]: unable to accept TLS connection: protocol error:
(1) error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Aug 27 17:27:58 mod_tls/2.4.3[3715]: TLS/TLS-C negotiation failed on control channel
Aug 27 17:28:03 mod_tls/2.4.3[3723]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Aug 27 17:28:03 mod_tls/2.4.3[3723]: error loading TLSRSACertificateKeyFile '/etc/ssl/freenas/CA/private/cakey.key':
(1) error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Aug 27 17:28:03 mod_tls/2.4.3[3723]: error initializing OpenSSL context for this session
Aug 27 17:28:03 mod_tls/2.4.3[3723]: TLS/TLS-C requested, starting TLS handshake
Aug 27 17:28:03 mod_tls/2.4.3[3723]: unable to accept TLS connection: protocol error:
(1) error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Aug 27 17:28:03 mod_tls/2.4.3[3723]: TLS/TLS-C negotiation failed on control channel

Then I saw there was something wrong with the key.

I have created my own self-signed certificate/key and changed /usr/local/etc/proftpd.conf to point to them and Tada:

Response: 220 ProFTPD 1.3.4a Server (freenas.fiji FTP Server) [::ffff:192.168.2.95]
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER Sander
Status: TLS/SSL connection established.
Response: 331 Password required for Sander
Command: PASS ************
Response: 230-Welcome to FreeNAS FTP Server
Response: 230 User Sander logged in

But every time the server reboots or I restart the service, the config file points to the original key files again.

Does anyone have a fix and/or workaround for this issue that I can implement, so I can reboot my FreeNAS without having to redo the configuration manually?

Thanks in advance.
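An added example, not part of the original post and not FreeNAS or ProFTPD code: a small triage script for the mod_tls log shown above. It groups messages by PID and separates the root cause (the key file failing the X509_check_private_key test) from the downstream "no shared cipher" handshake failure in the same session. The function names `sessions` and `triage` are hypothetical; the sample log is the first session copied from the post.

```python
import re
from collections import defaultdict

# First session (PID 3715) copied from the tls.log excerpt in the post above.
SAMPLE_LOG = """\
Aug 27 17:27:58 mod_tls/2.4.3[3715]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Aug 27 17:27:58 mod_tls/2.4.3[3715]: error loading TLSRSACertificateKeyFile '/etc/ssl/freenas/CA/private/cakey.key':
(1) error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Aug 27 17:27:58 mod_tls/2.4.3[3715]: error initializing OpenSSL context for this session
Aug 27 17:27:58 mod_tls/2.4.3[3715]: TLS/TLS-C requested, starting TLS handshake
Aug 27 17:27:58 mod_tls/2.4.3[3715]: unable to accept TLS connection: protocol error:
(1) error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Aug 27 17:27:58 mod_tls/2.4.3[3715]: TLS/TLS-C negotiation failed on control channel
"""

HEADER = re.compile(r"^\w{3}\s+\d+ [\d:]+ mod_tls/[\d.]+\[(\d+)\]: (.*)$")
KEYFILE = re.compile(r"error loading (TLS\w+CertificateKeyFile) '([^']+)'")

def sessions(log_text):
    """Group messages by PID, folding '(1) error:...' continuation lines into the message above."""
    by_pid, last = defaultdict(list), None
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:
            last = m.group(1)
            by_pid[last].append(m.group(2))
        elif last and line.strip():
            by_pid[last][-1] += " " + line.strip()
    return by_pid

def triage(log_text):
    """Per session, report the key/certificate mismatch (cause) and the handshake failure (symptom)."""
    findings = {}
    for pid, msgs in sessions(log_text).items():
        cause = symptom = None
        for msg in msgs:
            k = KEYFILE.search(msg)
            if k and "key values mismatch" in msg:
                cause = f"{k.group(1)} {k.group(2)} does not match the certificate"
            elif "no shared cipher" in msg:
                symptom = "handshake rejected: no shared cipher"
        if cause or symptom:
            findings[pid] = {"root_cause": cause, "symptom": symptom}
    return findings

if __name__ == "__main__":
    for pid, finding in triage(SAMPLE_LOG).items():
        print(pid, finding)
```

A session that reports only the symptom, with `root_cause` left as `None`, points to a cipher configuration problem on the client or server rather than to the key file.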
 