[CentOS] TLSv1.2 support for lftp on CentOS 6.x

Tue Aug 2 12:36:02 UTC 2016
Johnny Hughes <johnny at centos.org>

On 08/02/2016 06:11 AM, Olivier BONHOMME wrote:
> Hello everybody,
> 
> I am writing on that mailing list because I have an issue using lftp and I would
> love to have more infos about features available on the LFTP version provided by
> CentOS 6.
> 
> I try to connect to a ftp server in secured mode using FTPS explicit and I would
> love to use TLSv1.2.
> 
> After several tries, I understood that the TLS negociation was not possible
> using TLSv1.2 (It works only with TLSv1.1) but my issue is I don't understand
> why :
>  - The GNU TLS Library provided by CentOS is TLSv1.2 compliant. I can use
>    gnutls-cli in order to make a TLSv1.2 connection
>  - It also works pefectly with an openssl client, so it's not a server side
>    issue.
>  - I don't see anything in the lftp changelog or features list saying that lftp
>    is not compliant with TLSv1.2.
> 
> So my question is : Can lftp provided by CentOS (of course last version in the
> 6.x branch), do TLSv1.2 connection ? If it is not possible, I can deal with
> it but I'm curious to know if it is a feature or a bug. Indeed if it's a bug it
> could be interesting to submit an issue for a potential resolution.
> 
> Thanks for your answers

The latest lftp in CentOS-6.8 is version: lftp-4.0.9-6.el6_8.2.  It was
built on July 12, 2016.

That was built with nss-3.21.0-8.el6 in the build root.

If you have the latest installed, it would seem that it should be able
to work.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20160802/ea96ba7e/attachment-0005.sig>