Package: vsftpd
Version: 2.3.2-3
Severity: important

Here is the FileZilla log from the latest non-beta FileZilla:

    Status: Starting download of /www.schnews.org.uk/archive/news6364.htm
    Command: MDTM news6364.htm
    Response: 522 SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page
    Error: File transfer failed
    Status: Starting download of /www.schnews.org.uk/archive/news6366.htm
    Command: MDTM news6366.htm
    Response: 213 20080621174939
    Command: PASV
    Response: 522 SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page
    Error: File transfer failed

I found this in FileZilla's bug tracking:
http://trac.filezilla-project.org/ticket/5615

    "I got the error "522 SSL connection failed; session reuse required".
    Searched on google and found a solution: set "require_ssl_reuse=NO" to
    my vsftpd config but i think this is a filezilla bug and should be fixed."

    Response: "Known bug in vsftpd. You have to update to a more recent
    vsftpd version."

However, it looks like we are on the latest vsftpd.

The vsftpd manpage references this (http://vsftpd.beasts.org/vsftpd_conf.html):

    require_ssl_reuse
        If set to yes, all SSL data connections are required to exhibit SSL
        session reuse (which proves that they know the same master secret as
        the control channel). Although this is a secure default, it may break
        many FTP clients, so you may want to disable it. For a discussion of
        the consequences, see
        http://scarybeastsecurity.blogspot.com/2009/02/vsftpd-210-released.html
        (Added in v2.1.0).

        Default: YES

Is there any reason the SSL connection is failing in current Debian Squeeze?

Thanks!

-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686-bigmem (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vsftpd depends on:
ii  adduser                 3.112+nmu2        add and remove users and groups
ii  debconf [debconf-2.0]   1.5.36.1          Debian configuration management sy
ii  libc6                   2.11.2-10         Embedded GNU C Library: Shared lib
ii  libcap2                 1:2.19-3          support for getting/setting POSIX.
ii  libpam-modules          1.1.1-6.1         Pluggable Authentication Modules f
ii  libpam0g                1.1.1-6.1         Pluggable Authentication Modules l
ii  libssl0.9.8             0.9.8o-4squeeze1  SSL shared libraries
ii  libwrap0                7.6.q-19          Wietse Venema's TCP wrappers libra
ii  netbase                 4.45              Basic TCP/IP networking system

Versions of packages vsftpd recommends:
ii  logrotate               3.7.8-6           Log rotation utility

vsftpd suggests no packages.

-- Configuration Files:
/etc/logrotate.d/vsftpd changed:
/var/log/vsftpd.log
{
	# ftpd doesn't handle SIGHUP properly
	nocompress
	missingok
	notifempty
	rotate 52
	weekly
}

/etc/vsftpd.conf changed:
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
idle_session_timeout=300
data_connection_timeout=90
ftpd_banner=FTP
chroot_local_user=YES
chroot_list_enable=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
ssl_enable=YES
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA
rsa_cert_file=/etc/ssl/certs/vsftpd.pem

-- debconf information:
  vsftpd/username: ftp
  vsftpd/directory: /srv/ftp
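
Added example (not part of the original report and not vsftpd code): the quoted /etc/vsftpd.conf never sets require_ssl_reuse, so the man page default of YES applies to every TLS data connection. The sketch below computes the effective data-channel settings from a config; the function names are hypothetical, the defaults are assumed from the vsftpd.conf man page, and the sample input is the TLS-related subset of the configuration above.

```python
# Added example: effective TLS settings for FTP data connections.
# DEFAULTS follow the vsftpd.conf man page; REPORT_CONF is the TLS-related
# subset of the configuration quoted in this report.
DEFAULTS = {"ssl_enable": "NO", "force_local_data_ssl": "YES",
            "force_local_logins_ssl": "YES", "require_ssl_reuse": "YES"}
REPORT_CONF = """\
listen=YES
ssl_enable=YES
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
"""

def parse_conf(text):
    """Return {option: value}; vsftpd rejects spaces around '='."""
    opts = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            raise ValueError(f"line {n}: expected option=value without spaces")
        opts[key] = value
    return opts

def effective(opts):
    """Map each option to (is_enabled, 'explicit' or 'default')."""
    return {k: (opts.get(k, d).upper() in ("YES", "TRUE", "1"),
                "explicit" if k in opts else "default")
            for k, d in DEFAULTS.items()}

def findings(opts):
    eff = effective(opts)
    if not eff["ssl_enable"][0]:
        return ["ssl_enable=NO: require_ssl_reuse has no effect"]
    reuse, origin = eff["require_ssl_reuse"]
    out = [f"require_ssl_reuse=YES ({origin}): a TLS data connection that "
           "does not resume the control session is refused with 522"
           if reuse else
           "require_ssl_reuse=NO: data connections are not tied to the "
           "control channel's TLS session"]
    if not eff["force_local_data_ssl"][0]:
        out.append("force_local_data_ssl=NO: cleartext data connections allowed")
    if not eff["force_local_logins_ssl"][0]:
        out.append("force_local_logins_ssl=NO: logins without TLS allowed")
    return out

if __name__ == "__main__":
    for item in findings(parse_conf(REPORT_CONF)):
        print("-", item)
```
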

