[CentOS] Definitive guide to setting up FTPIS on vsftpd

Thu May 31 15:01:00 UTC 2018
Frank M. Ramaekers <FRamaekers at ailife.com>

I have a new CentOS 7.4 (recently upgraded to 7.5) system that I have been struggling with in configuring vsftpd for FTPS Implicit (port 990).
(The latest instructions I've used are at: https://www.unixmen.com/configure-vsftpd-ssltls-centos-7/)

Using Filezilla client, I get:

Error:              GnuTLS error -15: An unexpected TLS packet was received.
Error:              Could not connect to server

Using Core FTP LE:

SL/TLS error - 0, SSL error - 1, error:00000001:lib(0):func(0):reason(1)
SSL Connection not established

Using WinSCP:

TLS connect: error in SSLv2/v3 read server hello A
TLS connect: error in SSLv2/v3 read server hello A
Can't establish TLS connection
Disconnected from server

lftp from a remote Linux:

Fatal error: gnutls_handshake: An unexpected TLS packet was received.

Debugging, I get:

...
GNUTLS: EXT[0x2aa440f42d0]: sent signature algo (2.3) ECDSA-SHA1
GNUTLS: EXT[0x2aa440f42d0]: Sending extension SIGNATURE ALGORITHMS (22 bytes)
GNUTLS: HSK[0x2aa440f42d0]: CLIENT HELLO was queued [268 bytes]
GNUTLS: REC[0x2aa440f42d0]: Preparing Packet Handshake(22) with length: 268 and min pad: 0
GNUTLS: ENC[0x2aa440f42d0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
GNUTLS: REC[0x2aa440f42d0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 273
GNUTLS: ASSERT: gnutls_buffers.c:1154
GNUTLS: ASSERT: gnutls_buffers.c:588
GNUTLS: ASSERT: gnutls_buffers.c:1154
GNUTLS: ASSERT: gnutls_buffers.c:588
GNUTLS: ASSERT: gnutls_buffers.c:1154
GNUTLS: ASSERT: gnutls_buffers.c:588
GNUTLS: ASSERT: gnutls_buffers.c:1154
GNUTLS: ASSERT: gnutls_buffers.c:588
GNUTLS: ASSERT: gnutls_buffers.c:1154
GNUTLS: REC[0x2aa440f42d0]: SSL 48.48 Unknown Packet packet received. Epoch 0, length: 8271
GNUTLS: ASSERT: gnutls_record.c:572
GNUTLS: Received record packet of unknown type 53
GNUTLS: ASSERT: gnutls_record.c:1076
GNUTLS: ASSERT: gnutls_record.c:1158
GNUTLS: ASSERT: gnutls_buffers.c:1409
GNUTLS: ASSERT: gnutls_handshake.c:1446
GNUTLS: ASSERT: gnutls_handshake.c:2757
**** gnutls_handshake: An unexpected TLS packet was received.
GNUTLS: REC[0x2aa440f42d0]: Start of epoch cleanup
GNUTLS: REC[0x2aa440f42d0]: End of epoch cleanup
GNUTLS: REC[0x2aa440f42d0]: Epoch #0 freed
GNUTLS: REC[0x2aa440f42d0]: Epoch #1 freed
---- Closing control socket

TIA!

Frank M. Ramaekers Jr. | Systems Programmer | Information Technology | American Income Life Insurance Company | 254-761-6649 (732-6649)

----------------------------------------------------------------------
This message contains information which is privileged and confidential and is solely for the use of the intended recipient. If you are not the intended recipient, be aware that any review, disclosure, copying, distribution, or use of the contents of this message is strictly prohibited. If you have received this in error, please destroy it immediately and notify us at PrivacyAct at torchmarkcorp.com.