FTP over TLSv1.1 does not work. Your OpenSSL installation does not support TLSv1.1 on line 4

Created:

2016-11-16 13:15:25 UTC

Modified:

2017-04-24 11:41:35 UTC

0

Was this article helpful?


Have more questions?

Submit a request

FTP over TLSv1.1 does not work. Your OpenSSL installation does not support TLSv1.1 on line 4

Applicable to:

  • Plesk 12.0 for Linux

Symptoms

After Poodle voulnerability is fixed by implementing KB # 123160 it is not possible to log in to proFTPD server by using TLSv1.1 and TLSv1.2. TLSv1 and plain text password authorization works fine.

Following error can be found in /var/log/messages :

Jul 14 13:22:58 server xinetd[13914]: START: ftp pid=13918 from=::ffff:1.1.1.1
Jul 14 13:22:58 server proftpd[13918]: processing configuration directory '/etc/proftpd.d'
Jul 14 13:22:58 server proftpd[13918]: fatal: TLSProtocol: Your OpenSSL installation does not support TLSv1.1 on line 4 of '/etc/proftpd.d/60-nosslv3.conf'
Jul 14 13:22:58 server xinetd[13914]: EXIT: ftp status=1 pid=13918 duration=0(sec)

Server operating system is Red Hat 6.

Cause

Such behavior is known as software issue # PPPM-3075 .

Workaround

  1. Download psa-proftpd package from Plesk repository :

    # mkdir psa-proftpd-1.3.5 && cd psa-proftpd-1.3.5
    # wget http://autoinstall.plesk.com/PSA_12.0.18/dist-rpm-CentOS-6-x86_64/opt/hosting/proftpd/psa-proftpd-1.3.5-cos6.build1200140529.18.x86_64.rpm
  2. Unpack .rpm package:

    # rpm2cpio psa-proftpd-1.3.5-cos6.build1200140529.18.x86_64.rpm  | cpio -dimv
  3. Replace current proftpd binary with extracted one:

    # mv /usr/sbin/proftpd ./
    # mv ./usr/sbin/proftpd /usr/sbin/proftpd
  4. Restart FTP server:

    # service xinetd restart
    Stopping xinetd: [ OK ]
    Starting xinetd: [ OK ]
Have more questions? Submit a request
Please sign in to leave a comment.