Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Plaintext FTP should be disabled by default #50

Closed
patch0 opened this issue Jun 13, 2017 · 6 comments
Closed

Plaintext FTP should be disabled by default #50

patch0 opened this issue Jun 13, 2017 · 6 comments
Labels
enhancement security wontfix

Comments

@patch0
Copy link
Contributor

patch0 commented Jun 13, 2017

/etc/pure-ftpd/conf/TLS currently appears to be set to 1 which means "Accept both normal sessions and SSL/TLS ones." - my opinion would be that for the next release, we should change this to 2, or even 3. Options are below.

              -Y tls behavior
              -Y 0 (default) disables SSL/TLS security mechanisms.
              -Y 1 Accept both normal sessions and SSL/TLS ones.
              -Y  2  refuses  connections  that  aren't using SSL/TLS security
              mechanisms, including anonymous ones.
              -Y 3 refuses connections  that  aren't  using  SSL/TLS  security
              mechanisms, and refuse cleartext data channels as well.
              The  server  must  have been compiled with SSL/TLS support and a
              valid certificate must be in place to accept encrypted sessions.

Originally reported on Bytemark's Gitlab by @jiphex on 2016-12-22T10:45:27.708Z
@patch0
Copy link
Contributor Author

patch0 commented Jun 13, 2017

Requires SNI/per domain IPs and config to work without random SSL name mismatch warnings.

Originally posted by @patch0 on 2017-02-21T14:17:50.642Z

@patch0
Copy link
Contributor Author

patch0 commented Jun 13, 2017

To use TLS, you must provide a file called /etc/ssl/private/pure-ftpd.pem
with a private key for your host and the related certificate.

The location can be changed at compile-time with the --with-certfile option
passed to ./configure.

wow. SNI does not really seem like an option

Originally posted by @telyn on 2017-03-09T15:32:18.402Z

@patch0
Copy link
Contributor Author

patch0 commented Jun 13, 2017

Subject Alternative Names might be doable though with letsencrypt users - my letsencrypt cert for my home server looks like this:

Subject: CN=git.aetheria.co.uk
X509v3 Subject Alternative Name:
                DNS:docker-registry.git.aetheria.co.uk, DNS:emby.aetheria.co.uk, DNS:firefly.aetheria.co.uk, DNS:git.aetheria.co.uk, DNS:ihatemoney.aetheria.co.uk, DNS:owncloud.aetheria.co.uk, DNS:subsonic.aetheria.co.uk

Originally posted by @telyn on 2017-03-09T15:36:10.696Z

@patch0
Copy link
Contributor Author

patch0 commented Jun 13, 2017

Maybe we could re-survey the landscape of FTP servers?

Originally posted by @patch0 on 2017-03-09T16:00:27.902Z

@patch0
Copy link
Contributor Author

patch0 commented Jun 13, 2017

I wonder if it'd be possible to do something with SFTP chroots these days that would make FTP redundant

Originally posted by @jiphex on 2017-03-09T16:01:19.964Z

@patch0
Copy link
Contributor Author

patch0 commented Jul 10, 2017

I'm not sure there is much we can do with this until SNI comes to the ancient world of FTP.

@patch0 patch0 closed this as completed Jul 10, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement security wontfix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@patch0