Applicable to:
- Plesk 12.0 for Linux
Symptoms
After Poodle voulnerability is fixed by implementing KB # 123160 it is not possible to log in to proFTPD server by using TLSv1.1 and TLSv1.2. TLSv1 and plain text password authorization works fine.
Following error can be found in
/var/log/messages
:
Jul 14 13:22:58 server xinetd[13914]: START: ftp pid=13918 from=::ffff:1.1.1.1
Jul 14 13:22:58 server proftpd[13918]: processing configuration directory '/etc/proftpd.d'
Jul 14 13:22:58 server proftpd[13918]: fatal: TLSProtocol: Your OpenSSL installation does not support TLSv1.1 on line 4 of '/etc/proftpd.d/60-nosslv3.conf'
Jul 14 13:22:58 server xinetd[13914]: EXIT: ftp status=1 pid=13918 duration=0(sec)
Server operating system is Red Hat 6.
Cause
Such behavior is known as software issue # PPPM-3075 .
Workaround
-
Download
psa-proftpd
package from Plesk repository :# mkdir psa-proftpd-1.3.5 && cd psa-proftpd-1.3.5
# wget http://autoinstall.plesk.com/PSA_12.0.18/dist-rpm-CentOS-6-x86_64/opt/hosting/proftpd/psa-proftpd-1.3.5-cos6.build1200140529.18.x86_64.rpm -
Unpack
.rpm
package:# rpm2cpio psa-proftpd-1.3.5-cos6.build1200140529.18.x86_64.rpm | cpio -dimv
-
Replace current
proftpd
binary with extracted one:# mv /usr/sbin/proftpd ./
# mv ./usr/sbin/proftpd /usr/sbin/proftpd -
Restart FTP server:
# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
Comments
0 comments
Please sign in to leave a comment.