我正在运行 Ubuntu Server 20.04 和 proftpd 1.36,在设置 TLS 时遇到问题。
我按照配置文件中的指南操作,但出现了一个非常奇怪的错误。没有支持的密码。然后,该过程因握手错误而中断。SSL clienthello 消息包含许多可识别的密码,这些密码在机器上。
TLS 日志:
2020-06-29 18:16:30,457 mod_tls/2.7[87378]: [stat]: SSL sessions attempted: 0
2020-06-29 18:16:30,457 mod_tls/2.7[87378]: [stat]: SSL sessions established: 0
2020-06-29 18:16:30,457 mod_tls/2.7[87378]: [stat]: SSL sessions renegotiated: 0
2020-06-29 18:16:30,457 mod_tls/2.7[87378]: [stat]: SSL sessions resumed: 0
2020-06-29 18:16:30,457 mod_tls/2.7[87378]: [stat]: SSL sessions in cache: 0
2020-06-29 18:16:30,457 mod_tls/2.7[87378]: [stat]: SSL session cache hits: 0
2020-06-29 18:16:30,457 mod_tls/2.7[87378]: [stat]: SSL session cache misses: 0
2020-06-29 18:16:30,457 mod_tls/2.7[87378]: [stat]: SSL session cache timeouts: 0
2020-06-29 18:16:30,457 mod_tls/2.7[87378]: [stat]: SSL session cache size exceeded: 0
2020-06-29 18:16:35,242 mod_tls/2.7[87910]: TLSOption EnableDiags enabled, setting diagnostics callback
2020-06-29 18:16:35,245 mod_tls/2.7[87910]: error initializing OpenSSL context for this session
2020-06-29 18:16:35,247 mod_tls/2.7[87910]: TLS/TLS-C requested, starting TLS handshake
2020-06-29 18:16:35,247 mod_tls/2.7[87910]: [info] (unknown): before SSL initialization
2020-06-29 18:16:35,247 mod_tls/2.7[87910]: [info] accepting: before SSL initialization
2020-06-29 18:16:35,247 mod_tls/2.7[87910]: [info] accepting: before SSL initialization
2020-06-29 18:16:35,255 mod_tls/2.7[87910]: [msg] received protocol record message (5 bytes)
2020-06-29 18:16:35,255 mod_tls/2.7[87910]: [info] accepting: before SSL initialization
2020-06-29 18:16:35,255 mod_tls/2.7[87910]: [msg] received TLSv1.3 'ClientHello' Handshake message (368 bytes)
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [msg]
ClientHello:
client_version = TLS 1.2
random:
gmt_unix_time = Thu Oct 20 14:46:18 1904 (not guaranteed to be accurate)
random_bytes (28 bytes)
5820ebe66e5afa9ec7d9cfc5d69fd7b97698ba054091bd338c918587
session_id (0 bytes)
cipher_suites (58 bytes)
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
[unknown/unsupported]
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[unknown/unsupported]
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[unknown/unsupported]
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[unknown/unsupported]
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[unknown/unsupported]
TLS_RSA_WITH_AES_256_CBC_SHA
[unknown/unsupported]
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
[unknown/unsupported]
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
[unknown/unsupported]
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
[unknown/unsupported]
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
[unknown/unsupported]
compression_methods (1 byte)
None
extensions (265 bytes)
extension_type = status_request (5 bytes)
extension_type = elliptic_curves (22 bytes)
extension_type = ec_point_formats (2 bytes)
extension_type = signature_algorithms (34 bytes)
extension_type = encrypt_then_mac (0 bytes)
extension_type = extended_master_secret (0 bytes)
extension_type = session_ticket (0 bytes)
extension_type = key_share (139 bytes)
extension_type = supported_versions (9 bytes)
extension_type = renegotiate (1 byte)
extension_type = psk_kex_modes (3 bytes)
extension_type = [unknown/unsupported] (2 bytes)
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [msg] sent protocol record message (5 bytes)
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [msg] sent TLSv1.2 fatal 'handshake_failure' Alert message (2 bytes)
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [info] writing: SSL/TLS alert fatal: handshake failure
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [info] accepting: error
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: unable to accept TLS connection: protocol error:
(1) error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: unable to accept TLS connection: client does not support any cipher from 'TLSCipherSuite DEFAULT:!ADH:!EXPORT:!DES' (see `openssl ciphers DE>
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: TLS/TLS-C negotiation failed on control channel
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [stat]: SSL sessions attempted: 1
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [stat]: SSL sessions established: 0
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [stat]: SSL sessions renegotiated: 0
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [stat]: SSL sessions resumed: 0
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [stat]: SSL sessions in cache: 0
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [stat]: SSL session cache hits: 0
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [stat]: SSL session cache misses: 0
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [stat]: SSL session cache timeouts: 0
2020-06-29 18:16:35,256 mod_tls/2.7[87910]: [stat]: SSL session cache size exceeded: 0
openssl 的输出
openssl ciphers -v 'DEFAULT:!ADH:!EXPORT:!DES'
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
PSK-AES256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD
PSK-CHACHA20-POLY1305 TLSv1.2 Kx=PSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA384
ECDHE-PSK-AES256-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA1
SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1
SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(256) Mac=SHA1
RSA-PSK-AES256-CBC-SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384
DHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA384
RSA-PSK-AES256-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA1
DHE-PSK-AES256-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
PSK-AES256-CBC-SHA384 TLSv1 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA384
PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1
ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA256
ECDHE-PSK-AES128-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA1
SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1
SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1
RSA-PSK-AES128-CBC-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA256
DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA256
RSA-PSK-AES128-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA1
DHE-PSK-AES128-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
PSK-AES128-CBC-SHA256 TLSv1 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA256
PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1
如您所见,有很多匹配的密码。那么为什么我会收到此错误?
----------- 附加信息---------- 我尝试将密码更改为单个密码,然后更改为每个密码,错误仍然相同。我尝试更改协议,错误仍然相同。Google 没有帮助我找到解决方案,所有错误似乎都与实际缺少证书有关,或者不相关。proftpd tls 配置为了完成:
#
# Proftpd sample configuration for FTPS connections.
#
# Note that FTPS impose some limitations in NAT traversing.
# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
# for more information.
#
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
#
# Server SSL certificate. You can generate a self-signed certificate using
# a command like:
#
# openssl req -x509 -newkey rsa:1024 \
# -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \
# -nodes -days 365
#
# The proftpd.key file must be readable by root only. The other file can be
# readable by anyone.
#
# chmod 0600 /etc/ssl/private/proftpd.key
# chmod 0640 /etc/ssl/private/proftpd.key
#
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
#
# CA the server trusts...
#TLSCACertificateFile /etc/ssl/certs/CA.pem
# ...or avoid CA cert and be verbose
TLSOptions NoCertRequest EnableDiags
# ... or the same with relaxed session use for some clients (e.g. FireFtp)
#TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired
#
#
# Per default drop connection if client tries to start a renegotiate
# This is a fix for CVE-2009-3555 but could break some clients.
#
#TLSOptions AllowClientRenegotiations
#
# Authenticate clients that want to use FTP over TLS?
#
#TLSVerifyClient off
#
# Are clients required to use FTP over TLS when talking to this server?
#
TLSRequired auth
#
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
#
#TLSRenegotiate required off
</IfModule>
答案1
好吧,我偶然发现了其他遇到 openssl 问题的人,发现在较新版本中,建议的密钥大小设置为 2048 位,而不是 proftpd 指南中建议的 1024 位。我尝试使用 2048 位生成新密钥,现在握手似乎可以正常工作了!但是数据连接失败了,但这可能是另一个问题。
编辑:数据连接只是重用问题。
答案2
看起来你的TLSProtocol设置不正确。最坏情况应该是:
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
不应启用 SSLv2 或 3。