Results 524 comments of TJ Saunders

Huh. I'll admit that I usually don't develop/use a FIPS-enabled OpenSSL. The CTR mode ciphers in mod_sftp are a bit custom, due to older OpenSSL versions not supporting them. That...

Could you try out https://github.com/proftpd/proftpd/pull/1096, see if it improves/changes this situation for you? In particular, after applying that patch (and doing a `make clean && ./configure ... && make &&...

I'm currently using the `centos:7.8.2003` Docker image to try to reproduce this. I now have:

```
# /usr/local/sbin/proftpd -V
...
+ OpenSSL support (OpenSSL 1.0.2k 26 Jan 2017, FIPS enabled)...
```

In your provided configuration, you use:

```
TLSRenegotiate required off
```

This just says that, _when_ renegotiations are requested, client-side support for them is not required. I'd recommend setting that...

OK, thanks. What FTPS client are you using, and how large of a file, for your tests? I ask, so that I can reproduce the setup/behavior locally.

Interesting. I'm looking through your provided `tls.log` (thanks for that!); what stands out to me is the number of times the data TLS session is closed, then negotiated again, over...

I'm assuming the same library versions, same pure-ftpd, proftpd versions as well on the VPS? How very odd. Any filesystem (mounts, type) differences, between your VPS and the original host?

I wonder if there's a configuration difference with the network interfaces, between working/not-working hosts -- or perhaps with any iptables/ipchains type networking rules that might be involved?

Any response from your hoster/service provider on this issue?

Any suggestions for how I might reproduce these behaviors locally, using _e.g._ a Docker image, or a Vagrant VM?