ssl issues with pure-ftpd v1.0.47 stilliard/pure-ftpd:hardened #146

Open
oprudkyi opened this issue Sep 3, 2020 · 2 comments

@oprudkyi

oprudkyi commented Sep 3, 2020

Hi,
It's unrelated to the docker image itself, but after updating to the latest stilliard/pure-ftpd:hardened, SSL errors started.
I get PHP errors when trying to download a file (ls works, though):

Exception ftp_fget(): SSL read failed

There are no errors on a system with the old image (stilliard/pure-ftpd@sha256:7a146e51027e92226f9fbfb2bd1933c3c4b4c7d45dedfc142f0455066a60feb0), nor with
stilliard/pure-ftpd:stretch-latest, i.e. with v1.0.43.

I suspect there is some incompatibility between some clients and TLSv1.3 as it is implemented in v1.0.47.
Could you please leave stilliard/pure-ftpd:stretch-latest as is (or make a tagged version, i.e. stilliard/pure-ftpd:stretch-1.0.43)?

config (tls + pregenerated pems)

      containers:
      - name: pure-ftpd
        image: "stilliard/pure-ftpd:hardened"
        env:
        - name: PUBLICHOST
          value: localhost
        - name: FTP_USER_NAME
          value: ftpuser
        - name: FTP_USER_PASS
          value: ftppass
        - name: FTP_USER_HOME
          value: /home/ftpuser
        - name: ADDED_FLAGS
          value: "--tls=2 -d -d"
        - name: FTP_PASSIVE_PORTS
          value: "30005:30014"
        volumeMounts:
          - name: pure-ftpd-config
            mountPath: /etc/pure-ftpd/passwd/
          - name: pure-ftpd-config
            mountPath: /etc/ssl/private/
          - name: pure-ftpd-pv
            mountPath: /home/ftpuser/
            subPath: test-pure-ftpd/

in logs v1.0.47 stops on Connecting

```
([email protected]) [INFO] TLS: Enabled TLSv1.3 with TLS_AES_256_GCM_SHA384, 256 secret bits cipher
...
([email protected]) [DEBUG] Command [retr] [/path/to/file]
([email protected]) [DEBUG] 150 Connecting to port 41019
```

v1.0.43 works

```
([email protected]) [DEBUG] Command [retr] [/path/to/file]
([email protected]) [DEBUG] 150 Connecting to port 59187
([email protected]) [INFO] TLS: Enabled TLSv1.2 with ECDHE-RSA-CHACHA20-POLY1305, 256 secret bits cipher
([email protected]) [NOTICE] /path/to/file downloaded  (18 bytes, 158.21KB/sec)
([email protected]) [DEBUG] 226-File successfully transferred
([email protected]) [DEBUG] 226 0.000 seconds (measured here), 158.21 Kbytes per second
([email protected]) [DEBUG] Command [quit] []
([email protected]) [INFO] Logout.
([email protected]) [DEBUG] 221-Goodbye. You uploaded 0 and downloaded 1 kbytes.
([email protected]) [DEBUG] 221 Logout.
```

@stilliard
Owner

Hi @oprudkyi
Thanks for the detail here.

In your tests, you were previously using the :hardened tag, would you mind running a quick test against the :latest tag to see if that works for you? That also uses the newer pure-ftpd version but without some of the changes added to our hardened branch.

Thank you.

@oprudkyi
Author

oprudkyi commented Sep 3, 2020

Hi @stilliard
the :latest has the same issues as :hardened
I suspect this is probably related to https://bugs.launchpad.net/ubuntu/+source/pure-ftpd/+bug/1832998 but not sure
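
An added example, not part of the thread or the project's code: one way to test the TLSv1.3 hypothesis raised above from a second client is to repeat the same RETR with the TLS version capped at 1.2 and then at 1.3. It uses Python's `ftplib`, which applies one context to both the control and data channels; the host, credentials, file path and `cafile` are placeholders supplied by the caller, and the server certificate is assumed to be valid for the host name used.

```python
import ftplib
import io
import ssl


def make_context(max_version, cafile=None):
    """TLS client context capped at max_version; cafile is the server's CA/PEM (assumed path)."""
    ctx = ssl.create_default_context(cafile=cafile)  # keeps certificate verification on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = max_version
    return ctx


def probe_retr(host, user, password, path, max_version, cafile=None, port=21, timeout=15):
    """Run one RETR with PROT P; return (control-channel TLS version, bytes received, error)."""
    buf = io.BytesIO()
    negotiated = None
    try:
        with ftplib.FTP_TLS(context=make_context(max_version, cafile), timeout=timeout) as ftp:
            ftp.connect(host, port)
            ftp.auth()                       # AUTH TLS on the control channel
            negotiated = ftp.sock.version()  # e.g. "TLSv1.2" or "TLSv1.3"
            ftp.login(user, password)
            ftp.prot_p()                     # encrypt the data channel, same context and cap
            ftp.retrbinary("RETR " + path, buf.write)
        return negotiated, buf.tell(), None
    except ftplib.all_errors as exc:         # includes ssl.SSLError via OSError
        return negotiated, buf.tell(), f"{type(exc).__name__}: {exc}"


def compare(host, user, password, path, cafile=None, port=21, timeout=15):
    """Same download under a TLSv1.2 cap and a TLSv1.3 cap, keyed by version name."""
    return {
        v.name: probe_retr(host, user, password, path, v, cafile, port, timeout)
        for v in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)
    }


if __name__ == "__main__":
    # Placeholder values: substitute the test server, account and file under investigation.
    for name, result in compare("localhost", "ftpuser", "ftppass", "/path/to/file").items():
        print(name, result)
```

If the download succeeds under the 1.2 cap and fails under the 1.3 cap, the failure follows the TLS version rather than the PHP client.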
