Results 1 to 13 of 13

Thread: DirectAdmin 1.49.1 has been released

  1. #1

    DirectAdmin 1.49.1 has been released

    Hello,

    DirectAdmin 1.49.1 has been released.
    It's recommended that everyone running 1.49.0 update to 1.49.1.

    This is a bugfix release to address a backup bug introduced in 1.49.0.
    http://www.directadmin.com/features.php?id=1795

    The error might look like this:
    Code:
    ftp_upload.php exit code: 1
    ftp_upload.php output: Could not fdopen: Invalid argument.
    ncftpput: cannot open 1.2.3.4: fdopen for writing failed.
    ncftpput return code: 1
    This affects all backup files larger than 1 gig who are not using FTPS.
    The new FTPS uploads use curl, which are not affected by the issue.

    John

  2. #2
    Join Date
    Sep 2015
    Location
    Arnhem, The Netherlands
    Posts
    199
    Works great, thanks. Any news on new and stronger ciphers we can use with DA?

  3. #3
    Join Date
    Apr 2008
    Location
    Belgium
    Posts
    134
    Hi,

    With the FTPS option enabled, the backup script doesn't create the append folder (day of week, day of month).

    When I disable FTPS the Tuesday folder is created.
    Afterwards enabling FTPS keeps working, since the Tuesday folder is already there.

    regards,
    Stijn

    edit: found the solution

    add "--ftp-create-dirs" to the curl command in ftp_upload.php
    this is similar to the -m command in ncftpput

  4. #4
    Thanks, I've added it for the next release:
    https://www.directadmin.com/features.php?id=1796
    I might sneak it into the current 1.49.1 packages for future installs/updates.

    @Erulezz: For ciphers, this is really handy and can get you the absolute latest list for your setup and openssl version:
    https://mozilla.github.io/server-sid...fig-generator/
    We have to go slightly conservative as a default, as older openssl systems might not like some newer ciphers.
    Note: just set the SSLProtocol and SSLCipherSuite in your /etc/httpd/conf/extra/httpd-ssl.conf
    Don't enable HSTS globally, or your public_html folders won't get used ever again Leave that to Users if it's correct for this setup (can use .htaccess files to do it)
    It's currently in the works for CB/apache as well, likely going with an "intermediate" setup. I believe nginx already has the newer list.

    John

  5. #5
    Join Date
    Sep 2015
    Location
    Arnhem, The Netherlands
    Posts
    199
    Thanks for that link John, really helpful. I would like to use the same strong ciphers as i am using right now with Nginx for DirectAdmin itself, but when i change the ssl_cipher option in directadmin.conf with these strong ciphers i am getting an SSL error when i try to access DA. Is this the only supported suite for DA or am i doing something wrong?

    Code:
    ssl_cipher=HIGH:!aNULL:!MD5

  6. #6
    If you can paste me the cipher you're trying to use, and which binaries you've got (output from: ./directadmin o) then I could test here to see what I can see.
    You can either reply here, or create a ticket: https://tickets.directadmin.com

    John

  7. #7
    Join Date
    Sep 2015
    Location
    Arnhem, The Netherlands
    Posts
    199
    ERR_SSL_VERSION_OR_CIPHER_MISMATCH

    With this Cipher:

    EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

    That is working fine with NGinx

  8. #8
    Join Date
    Sep 2009
    Posts
    213
    John,

    It would be nice if it could work with the Modern ciphers recommended by Mozilla
    https://wiki.mozilla.org/Security/Server_Side_TLS

    Modern compatibility
    For services that don't need backward compatibility, the parameters below provide a higher level of security. This configuration is compatible with Firefox 27, Chrome 22, IE 11, Opera 14 and Safari 7.

    Ciphersuite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK

    Versions: TLSv1.1, TLSv1.2
    RSA key size: 2048
    DH Parameter size: 2048
    Elliptic curves: secp256r1, secp384r1, secp521r1 (at a minimum)
    Certificate signature: SHA-256
    HSTS: max-age=15724800

  9. #9
    I'm going to have to do some homework on that. Not yet sure what it needs to make the handshake happy with that cipher string.

    John

  10. #10
    Join Date
    Sep 2015
    Location
    Arnhem, The Netherlands
    Posts
    199
    Thanks for the update! It's a nice feature to have to have everything to secure as possible.

  11. #11
    Figured it out:
    http://www.directadmin.com/features.php?id=1800

    Pre-release binaries are available:
    http://help.directadmin.com/item.php?id=408

    You can now use:
    Code:
    ssl_cipher=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
    John

  12. #12
    Join Date
    Sep 2009
    Posts
    213
    Thank you John.
    I will try it soon.

  13. #13
    Join Date
    Sep 2008
    Location
    London UK
    Posts
    1,482
    Seems to work ok

    However, on Debian 6 it states TLS1.0
    Last edited by Peter Laws; 11-01-2015 at 08:03 AM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •