VSFTPD + TLS not working

Issues related to configuring your network
Post Reply
wolfrR1der
Posts: 4
Joined: 2020/04/13 17:42:58

VSFTPD + TLS not working

Post by wolfrR1der » 2020/04/17 18:09:00

I've set up a VSFTPD based FTP server and want to secure the traffic with SSL/TLS. I followed these instructions:
https://www.howtoforge.com/how-to-insta ... nd-selinux

Except I used a 4096 bit modulus instead. VSFTPD starts fine and I cannot find any errors anywhere however when I use Filezilla to connect to this server I get the following info out of Filezilla:
12:00:50 Status: Connecting to 172.21.1.120:21...
12:00:50 Status: Connection established, waiting for welcome message...
12:00:50 Status: Initializing TLS...
12:01:10 Error: Connection timed out after 20 seconds of inactivity
12:01:10 Error: Could not connect to server
12:01:10 Status: Waiting to retry...

Neither the password nor the certificate prompt pops up. Prior to adding the TLS directives to vsftpd.conf this FTP server worked fine. What am I missing?

vsftpd.conf:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
idle_session_timeout=600
chroot_list_enable=YES
chroot_local_user=YES
passwd_chroot_enable=YES
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
allow_writeable_chroot=YES
listen=YES

pam_service_name=vsftpd
userlist_enable=YES

local_max_rate=1179648

#Path of the SSL certificate
rsa_cert_file=/etc/ssl/private/vsftpd.crt
rsa_private_key_file=/etc/ssl/private/vsftpd.key
#Enable the SSL
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
#TSL is more secure than SSL so enable ssl_tlsv1_2.
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
#Enable SSL debugging to store all VSFTPD log.
debug_ssl=YES

Post Reply

Return to “CentOS 8 - Networking Support”