FTPES - FTP over explicit TLS/SSL with ProFTPd 1.3.0 impossible

Trying to initiate a secure ftp-connection with the current etch-version of ProFTPd 1.3.0 fails with an error in listing the directory (output from filezilla 3.2.6.1):

Command:LIST
Response:150 Opening ASCII mode data connection for file list
Status: Server did not properly shut down TLS connection
Error: Could not read from transfer socket: ECONNABORTED - Connection aborted
Response:226 Transfer complete.
Error: Failed to retrieve directory listing

The solution would be an upgrade of the ProFTPd to the current stable 1.3.2, for example from the backports.But this will remove the virtualmin-base package.

Status: 
Closed (fixed)

Comments

This seems more like a proftpd bug that a Virtualmin bug, as we just use the proftpd package supplied by Debian.

That said, you should be able to upgrade to 1.3.2 - what command are you trying, and what warning are you getting indicating that virtualmin-base will be removed?

1.) added the backports-repo to /etc/apt/sources.list

deb http://www.backports.org/debian etch-backports main contrib non-free

2.) installed the package-signing keys

etch:~# wget -O - http://backports.org/debian/archive.key | apt-key add -

3.) refreshed sources.list

etch:~# apt-get update

4.) tried to install the proftpd-version from the backports-repo

etch:~# apt-get -t etch-backports install proftpd
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
proftpd-basic proftpd-mod-ldap proftpd-mod-mysql proftpd-mod-pgsql
The following packages will be REMOVED:
virtualmin-base
The following NEW packages will be installed:
proftpd-basic proftpd-mod-ldap proftpd-mod-mysql proftpd-mod-pgsql
The following packages will be upgraded:
proftpd
1 upgraded, 4 newly installed, 1 to remove and 56 not upgraded.
Need to get 1556kB of archives.
After unpacking 112kB of additional disk space will be used.
Do you want to continue [Y/n]?

That's odd .. I can't see why virtualmin-base would need to be removed, as even though it depends on proftpd you aren't removing proftpd, only upgrading!

Joe's picture
Submitted by Joe on Sun, 07/26/2009 - 13:33 Pro Licensee

Argh! apt-get is so hateful sometimes. I don't see why it's doing this either. Obviously the dependency is still met.

Are we sure upgrading proftpd is the solution to this problem? I don't recall anyone else reporting this problem with the stock etch proftpd package.

Is there a bug in the debian tracker about the problem with the stock proftpd package? That's obviously something that ought to be fixed...one shouldn't have to use backports to get non-buggy software.

Upgrading to 1.3.2 will be the only way to solve this problem I think.

already in:

1.3.2rc2

  • Fixed handling of SSL/TLS session shutdowns on data connections. This issue was causing problems for users of recent FileZilla versions which insisted on proper SSL/TLS session shutdowns.

Most of my customers are using Filezilla. But if nobody reported this problem...maybe all people use unsecure FTP?

The debian tracker I didn't check but I'll do;-)

Edit:

upgrading from the backports will not solve the connection-problem, because the backports version is 1.3.1-17 and that doesn't help...

...compile 1.3.2 stable from source

SmartFTP client works fine with ProFTPD 1.3.0 and explicit SSL...

So customers have to use this client and that's it!