
Unable to connect to PureFTPd with TLS enabled

Open negrusti opened this issue 8 years ago • 4 comments

Using TLS/SSL explicit encryption, port 21:

<  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
<  220-You are user number 1 of 50 allowed.
<  220-Local time is now 11:04. Server port: 21.
<  220-This is a private system - No anonymous login
<  220-IPv6 connections are also welcome on this server.
<  220 You will be disconnected after 15 minutes of inactivity.
>  AUTH SSL
<  500 This security scheme is not implemented

Filezilla connects fine to the same server, using AUTH TLS:

Response:   220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:   220-You are user number 1 of 50 allowed.
Response:   220-Local time is now 18:00. Server port: 21.
Response:   220-This is a private system - No anonymous login
Response:   220-IPv6 connections are also welcome on this server.
Response:   220 You will be disconnected after 15 minutes of inactivity.
Command:    AUTH TLS
Response:   234 AUTH TLS OK.
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.

negrusti, Apr 25 '16 11:04
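The two transcripts above differ only in the mechanism name sent with AUTH: RFC 4217 specifies `AUTH TLS`, and Pure-FTPd answers the older `AUTH SSL` spelling with a 500. The following is an added example (not Far-NetBox's or Pure-FTPd's code) of a client-side negotiation that sends `AUTH TLS` first and falls back to `AUTH SSL` only if the server refuses it, while correctly collapsing the multi-line `220-` greeting. The `FakePureFtpd` stand-in, the `simulate()` and `connect_explicit_tls()` helpers, and the set of reply codes treated as "mechanism refused" are assumptions of this example; the server replies themselves are copied from the transcripts in the issue.

```python
# Explicit FTP-over-TLS negotiation (RFC 4217) with a fallback between the
# "AUTH TLS" and legacy "AUTH SSL" mechanism names. Example code, not NetBox's.
import socket
import ssl
from collections import deque


class FtpError(Exception):
    pass


def read_reply(readline):
    """Read one FTP reply, collapsing RFC 959 multi-line replies ("xyz-" ... "xyz ").

    readline() returns one line including its terminator, or "" at EOF.
    Returns (code, full_text).
    """
    first = readline()
    if not first:
        raise FtpError("control connection closed")
    code = first[:3]
    if not code.isdigit() or first[3:4] not in (" ", "-", "\r", "\n"):
        raise FtpError(f"malformed reply: {first!r}")
    lines = [first.rstrip("\r\n")]
    if first[3:4] == "-":
        # Continuation lines run until one that starts with "<code> ".
        while True:
            line = readline()
            if not line:
                raise FtpError("connection closed inside multi-line reply")
            lines.append(line.rstrip("\r\n"))
            if line.startswith(code + " "):
                break
    return int(code), "\n".join(lines)


# RFC 4217 specifies "TLS"; "SSL" is an older name that Pure-FTPd rejects.
DEFAULT_ORDER = ("TLS", "SSL")
# Assumed set of codes meaning "that mechanism is not offered" (RFC 2228 family).
NOT_SUPPORTED = {500, 502, 504, 534}


def negotiate_auth(send, readline, order=DEFAULT_ORDER):
    """Read the greeting, then try AUTH <mech> for each name in order.

    Returns the accepted mechanism. Raises FtpError if every name is refused,
    so a caller never silently continues on a cleartext control connection.
    """
    code, greeting = read_reply(readline)
    if code != 220:
        raise FtpError(f"unexpected greeting: {greeting}")
    refused = []
    for mech in order:
        send(f"AUTH {mech}\r\n")
        code, text = read_reply(readline)
        if code in (234, 334):  # 234 = accepted; 334 = accepted, more data expected
            return mech
        if code in NOT_SUPPORTED:
            refused.append(f"{mech}: {text}")
            continue
        raise FtpError(f"unexpected reply to AUTH {mech}: {text}")
    raise FtpError("server refused every AUTH mechanism: " + "; ".join(refused))


class FakePureFtpd:
    """Constructed control-channel stand-in; replies copied from the issue transcripts."""
    GREETING = (
        "220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\r\n"
        "220-You are user number 1 of 50 allowed.\r\n"
        "220 You will be disconnected after 15 minutes of inactivity.\r\n"
    )

    def __init__(self):
        self.commands = []
        self._out = deque(self.GREETING.splitlines(keepends=True))

    def send(self, data):
        cmd = data.strip()
        self.commands.append(cmd)
        if cmd == "AUTH TLS":
            self._out.append("234 AUTH TLS OK.\r\n")
        elif cmd == "AUTH SSL":
            self._out.append("500 This security scheme is not implemented\r\n")
        else:
            self._out.append("500 Unknown command\r\n")

    def readline(self):
        return self._out.popleft() if self._out else ""


def simulate(order=DEFAULT_ORDER):
    """Run the negotiation against the fake server; returns (mechanism, commands sent)."""
    server = FakePureFtpd()
    mech = negotiate_auth(server.send, server.readline, order)
    return mech, server.commands


def connect_explicit_tls(host, port=21, timeout=10):
    """Real-network variant: negotiate AUTH, then wrap the control socket in TLS."""
    sock = socket.create_connection((host, port), timeout=timeout)
    rfile = sock.makefile("r", encoding="latin-1", newline="\r\n")
    negotiate_auth(lambda s: sock.sendall(s.encode("ascii")), rfile.readline)
    ctx = ssl.create_default_context()  # modern TLS only, certificate verification on
    return ctx.wrap_socket(sock, server_hostname=host)


if __name__ == "__main__":
    print(simulate(("TLS", "SSL")))  # FileZilla-style order: one command, accepted
    print(simulate(("SSL", "TLS")))  # NetBox-style first try, then the working fallback
```

`simulate(("SSL", "TLS"))` reproduces the issue's failure and then recovers with `AUTH TLS`; `simulate(("SSL",))` raises `FtpError` instead of proceeding unencrypted, which is the behaviour a client should show when its only mechanism name is refused.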

OpenSSL Security Advisory [1st March 2016]

Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)

Severity: High

A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys of the non-vulnerable server. This vulnerability is known as DROWN (CVE-2016-0800).

Recovering one session key requires the attacker to perform approximately 2^50 computation, as well as thousands of connections to the affected server. A more efficient variant of the DROWN attack exists against unpatched OpenSSL servers using versions that predate 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf released on 19/Mar/2015 (see CVE-2016-0703 below).

Users can avoid this issue by disabling the SSLv2 protocol in all their SSL/TLS servers, if they've not done so already. Disabling all SSLv2 ciphers is also sufficient, provided the patches for CVE-2015-3197 (fixed in OpenSSL 1.0.1r and 1.0.2f) have been deployed. Servers that have not disabled the SSLv2 protocol, and are not patched for CVE-2015-3197 are vulnerable to DROWN even if all SSLv2 ciphers are nominally disabled, because malicious clients can force the use of SSLv2 with EXPORT ciphers.

OpenSSL 1.0.2g and 1.0.1s deploy the following mitigation against DROWN:

SSLv2 is now by default disabled at build-time. Builds that are not configured with "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of:

SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
or
SSL_clear_options(ssl, SSL_OP_NO_SSLv2);

as appropriate. Even if either of those is used, or the application explicitly uses the version-specific SSLv2_method() or its client or server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2 56-bit DES are no longer available.

In addition, weak ciphers in SSLv3 and up are now disabled in default builds of OpenSSL. Builds that are not configured with "enable-weak-ssl-ciphers" will not provide any "EXPORT" or "LOW" strength ciphers.

OpenSSL 1.0.2 users should upgrade to 1.0.2g
OpenSSL 1.0.1 users should upgrade to 1.0.1s

This issue was reported to OpenSSL on December 29th 2015 by Nimrod Aviram and Sebastian Schinzel. The fix was developed by Viktor Dukhovni and Matt Caswell of OpenSSL.

VictorVG, Apr 25 '16 11:04

I am aware of that vulnerability, but it is NetBox that tries to use SSL. Filezilla uses TLS1.2 just fine. Configuration of that FTP server is:

SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)

Does NetBox support TLS 1.2?

negrusti, Sep 22 '16 16:09

NetBox 2.2.2.435/2.3.0.436 builds use OpenSSL Toolkit v1.0.2h and support TLS 1.2.

VictorVG, Sep 23 '16 00:09

I have exactly the same problem with latest NetBox 2.4.5 build 544 :(

NetBox suggests AUTH SSL, Pure-FTPd refuses, end of story.

Leonix, May 23 '22 09:05