FTP over TLSv1.1 does not work. Your OpenSSL installation does not support TLSv1.1 on line 4

Symptoms

After Poodle voulnerability is fixed by implementing KB # 123160 it is not possible to log in to proFTPD server by using TLSv1.1 and TLSv1.2. TLSv1 and plain text password authorization works fine.

Following error can be found in /var/log/messages :

Jul 14 13:22:58 server xinetd[13914]: START: ftp pid=13918 from=::ffff:1.1.1.1
Jul 14 13:22:58 server proftpd[13918]: processing configuration directory '/etc/proftpd.d'
Jul 14 13:22:58 server proftpd[13918]: fatal: TLSProtocol: Your OpenSSL installation does not support TLSv1.1 on line 4 of '/etc/proftpd.d/60-nosslv3.conf'
Jul 14 13:22:58 server xinetd[13914]: EXIT: ftp status=1 pid=13918 duration=0(sec)

Server operating system is Red Hat 6.

Cause

Such behavior is known as software issue # PPPM-3075 .

Workaround

1. Download psa-proftpd package from Plesk repository :

   # mkdir psa-proftpd-1.3.5 && cd psa-proftpd-1.3.5
   # wget http://autoinstall.plesk.com/PSA_12.0.18/dist-rpm-CentOS-6-x86_64/opt/hosting/proftpd/psa-proftpd-1.3.5-cos6.build1200140529.18.x86_64.rpm
   

2. Unpack .rpm package:

   # rpm2cpio psa-proftpd-1.3.5-cos6.build1200140529.18.x86_64.rpm  | cpio -dimv
   

3. Replace current proftpd binary with extracted one:

   # mv /usr/sbin/proftpd ./
   # mv ./usr/sbin/proftpd /usr/sbin/proftpd
   

4. Restart FTP server:

   # service xinetd restart
   Stopping xinetd:                                           [  OK  ]
   Starting xinetd:                                           [  OK  ]