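I spent some time looking for a solution online, but nothing helped. The story: I have Ubuntu 10.10 (an Amazon EC2 instance) with ProFTPD version 1.3.2e (the latest version available via apt-get). I didn't make any changes to the server or the FTP clients, but suddenly my clients (FileZilla 3.5.3, TotalCmd) stopped connecting to the server over FTPS.
Log from FileZilla: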
Status: Connecting to 7x.xxx.xxx.xxx:21...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.3.2e Server (XXX) [7x.xxx.xxx.xxx]
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Error: GnuTLS error -9: A TLS packet with unexpected length was received.
Status: Server did not properly shut down TLS connection
Error: Could not connect to server
Here is what the ProFTPD tls.log shows:
May 04 14:28:32 mod_tls/2.2.2[1057]: TLS/TLS-C requested, starting TLS handshake
May 04 14:28:34 mod_tls/2.2.2[1057]: unable to accept TLS connection: received EOF that violates protocol
May 04 14:28:34 mod_tls/2.2.2[1057]: TLS/TLS-C negotiation failed on control channel
ProFTPD TLS configuration:
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv3 TLSv1
TLSRSACertificateFile /usr/local/apache2/conf/crt/server/srv.crt
TLSRSACertificateKeyFile /usr/local/apache2/conf/crt/server/srv.nopass.key
TLSCACertificateFile /usr/local/apache2/conf/crt/ca/ca.crt
TLSOptions NoCertRequest
TLSVerifyClient off
TLSRequired on
</IfModule>
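The clients were verified against ftps://ftp.secureftp-test.com:990 (an FTPS test server) and connect fine. I then tried adding TLSRenegotiation none and other options I found online, but with no result. I tried restarting, with no result.
Tried openssl s_client -connect 127.0.0.1:21 -starttls ftp: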
CONNECTED(00000003)
depth=1 /C=...
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
...
Server certificate
-----BEGIN CERTIFICATE-----
MII...
...hC
-----END CERTIFICATE-----
subject=/C...
---
No client certificate CA names sent
---
SSL handshake has read 3615 bytes and written 303 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 5E9090B0AC306334847BEC665D069DD90CED941C23E7911CCFA120DDF2B8E016
Session-ID-ctx:
Master-Key: 5708...DCB
Key-Arg : None
TLS session ticket:
0000 - ff 21 19 28 26 0b 21 28-57 29 5a 97 95 58 b5 90 .!.(&.!(W)Z..X..
...
00a0 - 04 7b e0 4b 1c e7 53 d1-3d 8c 5c 19 30 09 c8 b9 .{.K..S.=.\.0...
Compression: 1 (zlib compression)
Start Time: 1336143573
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
220 ProFTPD 1.3.2e Server (xxx) [7x.xxx.xxx.xxx]
QUIT
DONE
What else can I do? I want my FTPS back. If there is no exact solution, what is the typical course of action in a situation like this?