添加链接 注册    登录
link管理
链接快照平台
  • 输入网页链接,自动生成快照
  • 标签化管理网页链接
相关文章推荐
豪情万千的小狗  ·  nginx禁用3DES和DES弱加密算法,保 ...·  1 月前    · 
想出家的柠檬  ·  如何动态地将css名称加载到django模板 ...·  4 月前    · 
玩滑板的绿茶  ·  在 WSL2 上获得近乎完整的 Linux ...·  4 月前    · 
爱喝酒的香瓜  ·  20世纪50年代,人民警察因这事开始推行“纠 ...·  5 月前    · 
豪气的冰淇淋  ·  "布伦特福德迎回主力球员诺加德,仍面临伤病困 ...·  6 月前    · 
彷徨的热带鱼  ·  激情信箱全集在线观看-伦理片-麻花影视-高清 ...·  6 月前    · 
link管理  ›  Received TLS alert from the server: Handshake failed (40) - FileZilla Forums
tls
https://forum.filezilla-project.org/viewtopic.php?t=45829
低调的饭盒
5 月前

Received TLS alert from the server: Handshake failed (40)

Need help with FileZilla Client ? Something does not work as expected? In this forum you may find an answer.
Moderator: Project members
Could someone please help me with this question? https://superuser.com/questions/1233895 ... -failed-40
I need at least to get somehow a list of ciphers supported by my filezilla FTP client.
I'll duplicate the linked question below:
I've got new web server with `proftpd` onboard. The problem is I can't connect to it through `filezilla` FTP client because it gives me an error

Code: Select all 

    Status:	Connection established, waiting for welcome message...
    Response:	220 FTP Server ready.
    Command:	AUTH TLS
    Response:	234 AUTH TLS successful
    Status:	Initializing TLS...
    Error:	Received TLS alert from the server: Handshake failed (40)
    Error:	Could not connect to server
I found that the error corresponds to the proftpd log `/var/log/proftpd/tls.log/var/log/proftpd/tls.log` record:

Code: Select all 

    Jul 24 13:50:47 mod_tls/2.4.2[1572]: unable to accept TLS connection: protocol error: 
      (1) error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Which means that the ftp client supports none of the encryption algorythms proposed by the server. As a result, the connection fails.
I have also found a `TLSCipherSuite` directive in `/etc/proftpd.conf` that disables `ADH`, `DES`, `SSLv2` and `SSLv3` ciphers.

Code: Select all 

    TLSCipherSuite                 ALL:!ADH:!DES:!SSLv2:!SSLv3
When I remove `:!SSLv3` from the directive and restart the server, filezilla connects without any problems. But enabling `SSLv3` seems to be a bad idea because it is vulnerable and insecure, according to the http://disablessl3.com/
Question
So my question is what can I do to make `proftpd` provide at least one secure cipher to successfully negotiate with `filezilla` FTP client?
Additional note
There is a similar question https://superuser.com/questions/874981/ ... -failed-40 that tells
Use only plain FTP (insecure)
but I want connection to be secure thus the answer for me is unsuitable.
Additional note #2
List of available ciphers:

Code: Select all 

    [root@server ~]# openssl ciphers -v 'ALL:!ADH:!DES:!SSLv2:!SSLv3'
    ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
    ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
    ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
    ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
    DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
    DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
    DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
    DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA256
    ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
    ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
    ECDH-RSA-AES256-SHA384  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA384
    ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA384
    AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
    AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
    ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
    ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
    ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
    ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
    DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
    DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
    DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
    DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA256
    ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
    ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
    ECDH-RSA-AES128-SHA256  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA256
    ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA256
    AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
    AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration .
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
 
推荐文章
豪情万千的小狗  ·  nginx禁用3DES和DES弱加密算法,保证SSL证书安全 SSL/TLS协议信息泄露漏洞(CVE-2016-2183) - 全琪俊
1 月前
想出家的柠檬  ·  如何动态地将css名称加载到django模板中,而不会弄乱视图 - 腾讯云开发者社区 - 腾讯云
4 月前
玩滑板的绿茶  ·  在 WSL2 上获得近乎完整的 Linux 体验 - Pan Xiao's Blog
4 月前
爱喝酒的香瓜  ·  20世纪50年代,人民警察因这事开始推行“纠正违章先敬礼”
5 月前
豪气的冰淇淋  ·  "布伦特福德迎回主力球员诺加德,仍面临伤病困扰和转会挑战"|英超|狼队|弗兰克|热刺队_网易订阅
6 月前
彷徨的热带鱼  ·  激情信箱全集在线观看-伦理片-麻花影视-高清电影-高清VIP综艺-高清动画片-高清电视剧-免费在线观看
6 月前
Link管理   ·   51好读   ·   Sov5搜索   ·   小百科
link管理 - 链接快照平台