Pure-Ftpd Not Working on cPanel 56
Hi,
After upgrading to cPanel 56.0 (build 9), I can't connect to the FTP, using TLS, with my Netbeans FTP Client.
Before this upgrade, in FTP Server Configuration, I was using "Broken Clients Compatibility" = "Yes".
I have tried changing "Broken Clients Compatibility" to "No", but it didn't work.
Here are the logs:
At FTP client:
- Could not generate DH Keypair
- Prime size must be multiple of 64, and can only range from 512 to 2048 (inclusive)
At server, /var/log/messages:
pure-ftpd: [WARNING] Sorry, cleartext sessions and weak ciphers are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.
Any idea how to solve this?
Thanks
-
Hi luisamaral, I know this is a long shot and might not have anything to do with your issue, but take a look at this other thread: "All users get blocked when FTP". You may need to make sure that your PassivePortRange is set correctly in /var/cpanel/conf/pureftpd/main, and if you're running CSF you may need to make sure that the TCP_IN setting in your CSF Firewall Configuration has the port range entered correctly as well.
-
The issue is that on April 20th, cPanel generated new DH params for pure-ftpd in:
    /etc/ssl/private/pure-ftpd-dhparams.pem
They generated 3072 bit params and Java (as everywhere notes) only supports 2048 bit params. You can verify this:
    openssl dh -in /etc/ssl/private/pure-ftpd-dhparams.pem -text -noout
First line will tell you the size of the params. The solution:
    cp /etc/ssl/private/pure-ftpd-dhparams.pem /etc/ssl/private/pure-ftpd-dhparams.pem.bak
    openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
    service pure-ftpd restart
-
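The size check from the answer above, done without openssl, as an added example that is not part of the original thread: it reads the prime out of a DH PARAMETERS PEM block and tests it against the limit quoted in the Java client's error message. The function names and the sample input are constructed for illustration; the sample "prime" has the right length but is not a real prime.

```python
import base64

def _der_len(n):
    """DER length octets for a content length n."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _read_tlv(buf, pos, tag):
    """Return (content, next_pos) for the DER element at pos; the tag must match."""
    if buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x}, got 0x{buf[pos]:02x}")
    first, pos = buf[pos + 1], pos + 2
    length = first
    if first & 0x80:                      # long form: low 7 bits = count of length octets
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def dh_prime_bits(pem_text):
    """Bit length of p in a PKCS#3 'DH PARAMETERS' PEM block."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if lines[0] != "-----BEGIN DH PARAMETERS-----" or lines[-1] != "-----END DH PARAMETERS-----":
        raise ValueError("not a DH PARAMETERS PEM block")
    der = base64.b64decode("".join(lines[1:-1]))
    seq, _ = _read_tlv(der, 0, 0x30)      # DHParameter ::= SEQUENCE { p, g, ... }
    p, _ = _read_tlv(seq, 0, 0x02)        # the first INTEGER is the prime p
    return int.from_bytes(p, "big").bit_length()

def client_accepts(bits):
    """Limit quoted in the client error: multiple of 64, 512 to 2048 inclusive."""
    return bits % 64 == 0 and 512 <= bits <= 2048

def make_sample_pem(bits):
    """Constructed test input: correct DER shape, but p is NOT a real prime."""
    p = (1 << (bits - 1)) | 1
    p_bytes = p.to_bytes(bits // 8 + 1, "big")   # leading 0x00 keeps the INTEGER positive
    body = b"\x02" + _der_len(len(p_bytes)) + p_bytes + b"\x02\x01\x02"  # g = 2
    der = b"\x30" + _der_len(len(body)) + body
    b64 = base64.b64encode(der).decode()
    wrapped = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN DH PARAMETERS-----\n{wrapped}\n-----END DH PARAMETERS-----\n"

if __name__ == "__main__":
    for bits in (2048, 3072):
        size = dh_prime_bits(make_sample_pem(bits))
        print(size, "accepted by client" if client_accepts(size) else "rejected by client")
```

To check the server's own file, pass the contents of /etc/ssl/private/pure-ftpd-dhparams.pem to dh_prime_bits.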
Hello, The change stems from the following entry in the cPanel 56 change log:
    Fixed case CPANEL-4968: Update pure-ftpd to 1.0.42-4.cp1156.
The case addressed an issue that resulted in Pure-ftpd failing to start when the DH parameters file was missing. Thank you.
-
Thanks Karl. As @cPanelMichael said, the file did not exist. So, I generated that using the command:
    openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
And now it works. Solved.