Your message dated Wed, 19 Oct 2011 22:04:25 +0200
with message-id <[email protected]>
and subject line Re: can't upload to vsftpd ssl after many uploads
has caused the Debian Bug report #614110,
regarding can't upload to vsftpd ssl after many uploads
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
614110: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614110
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: vsftpd
Version: 2.3.2-3
Severity: important
Here is the FileZilla log from the latest non-beta FileZilla:
Status: Starting download of /www.schnews.org.uk/archive/news6364.htm
Command: MDTM news6364.htm
Response: 522 SSL connection failed; session reuse required: see
require_ssl_reuse option in vsftpd.conf man page
Error: File transfer failed
Status: Starting download of /www.schnews.org.uk/archive/news6366.htm
Command: MDTM news6366.htm
Response: 213 20080621174939
Command: PASV
Response: 522 SSL connection failed; session reuse required: see
require_ssl_reuse option in vsftpd.conf man page
Error: File transfer failed
I found this in FileZilla's bug tracking:
http://trac.filezilla-project.org/ticket/5615
"I got the error "522 SSL connection failed; session reuse required".
Searched on google and found a solution: set "require_ssl_reuse=NO" to my
vsftpd config but i think this is a filezilla bug and should be fixed."
Reponse:
"Known bug in vsftpd. You have to update to a more recent vsftpd version."
However it looks like we are on the latest vsftpd.
the vsftpd manpage references this
(http://vsftpd.beasts.org/vsftpd_conf.html)
require_ssl_reuse
If set to yes, all SSL data connections are required to exhibit SSL
session reuse (which proves that they know the same master secret as the
control channel). Although this is a secure default, it may break many FTP
clients, so you may want to disable it. For a discussion of the
consequences, see
http://scarybeastsecurity.blogspot.com/2009/02/vsftpd-210-released.html
(Added in v2.1.0).
Default: YES
Is there any reason the SSL connection is failing in current Debian Squeeze?
Thanks!
-- System Information:
Debian Release: 6.0
APT prefers stable
APT policy: (990, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686-bigmem (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages vsftpd depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libcap2 1:2.19-3 support for getting/setting POSIX.
ii libpam-modules 1.1.1-6.1 Pluggable Authentication Modules f
ii libpam0g 1.1.1-6.1 Pluggable Authentication Modules l
ii libssl0.9.8 0.9.8o-4squeeze1 SSL shared libraries
ii libwrap0 7.6.q-19 Wietse Venema's TCP wrappers libra
ii netbase 4.45 Basic TCP/IP networking system
Versions of packages vsftpd recommends:
ii logrotate 3.7.8-6 Log rotation utility
vsftpd suggests no packages.
-- Configuration Files:
/etc/logrotate.d/vsftpd changed:
/var/log/vsftpd.log {
# ftpd doesn't handle SIGHUP properly
nocompress
missingok
notifempty
rotate 52
weekly
}
/etc/vsftpd.conf changed:
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
idle_session_timeout=300
data_connection_timeout=90
ftpd_banner=FTP
chroot_local_user=YES
chroot_list_enable=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
ssl_enable=YES
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
-- debconf information:
vsftpd/username: ftp
vsftpd/directory: /srv/ftp
--- End Message ---
--- Begin Message ---
like the manpage says, set require_ssl_reuse to false.
--
Address: Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email: [email protected]
Internet: http://people.progress-technologies.net/~daniel.baumann/
--- End Message ---
