** Description changed: + [Impact] + + * Currently pure-ftpd in bionic, without any further special care, just + can't work with modern programs connecting with TLS 1.3 or such. + + [Test Plan] + + * install pure-ftpd + * create a cert in /etc/ssl/private/pure-ftpd.pem + * echo 1 > /etc/pure-ftpd/conf/TLS + * try to connect. + + Currently the connection fails with "ERROR TLS renegotiation" in the + pure-ftpd logs. + + [Where problems could occur] + + * I suspect that if the upgrade went well connections would just fail. + + [Other Info] + + These patches have been released with fedora 29; also seb128 already + proposed them in a PPA package, but for whatever reason he didn't care + of actually uploading the changes to ubuntu proper. Meaning the changes + are actually quite tested; plus the patches come from upstream. + + FTR, I have a vested interest in this update, as at dayjob I've got some + 18.04 servers that are also running a patched pure-ftpd just for this. + + [ Original Report ] + Secure (TLS) connections to Pure-FTPd do not work when the OpenSSL 1.1.1 library is installed. My installation was working perfectly until the system-wide OpenSSL 1.1.1 update was made available a couple days ago. Now, after running apt upgrade, clients are unable to establish TLS connections, as the TLS negotiation tries a couple times and then cancels out. The current stable version of Pure-FTPd from the developer is 1.0.49, but the apt repository only has version 1.0.46. According to the patch notes (https://www.pureftpd.org/project/pure-ftpd/news/), there have been some OpenSSL-related changes made since the 1.0.46 release. However, there are also some other major changes, so this may not be the case of a simple update. Ubuntu Server version: Description: Ubuntu 18.04.2 LTS Release: 18.04 ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: pure-ftpd-mysql 1.0.46-1build1 ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18 Uname: Linux 4.15.0-51-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 Date: Sun Jun 16 16:51:56 2019 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: pure-ftpd UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.pure-ftpd.db.mysql.conf: [modified] mtime.conffile..etc.pure-ftpd.db.mysql.conf: 2019-05-03T23:51:59.782344
** Changed in: pure-ftpd (Ubuntu Bionic) Assignee: (unassigned) => Mattia Rizzolo (mapreri) ** Changed in: pure-ftpd (Ubuntu Bionic) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1832998 Title: Pure-FTPd Breaks with OpenSSL v1.1.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pure-ftpd/+bug/1832998/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs