DirectAdmin 1.49.1 has been released

DirectAdmin Support

Hello,

DirectAdmin 1.49.1 has been released.
It's recommended that everyone running 1.49.0 update to 1.49.1.

This is a bugfix release to address a backup bug introduced in 1.49.0.
http://www.directadmin.com/features.php?id=1795

The error might look like this:
Code:
ftp_upload.php exit code: 1
ftp_upload.php output: Could not fdopen: Invalid argument.
ncftpput: cannot open 1.2.3.4: fdopen for writing failed.
ncftpput return code: 1
This affects all backup files larger than 1 gig for anyone not using FTPS.
The new FTPS uploads use curl, which is not affected by the issue.

John
 
Hi,

With the FTPS option enabled, the backup script doesn't create the append folder (day of week, day of month).

When I disable FTPS the Tuesday folder is created.
Afterwards enabling FTPS keeps working, since the Tuesday folder is already there.

regards,
Stijn

edit: found the solution

Add "--ftp-create-dirs" to the curl command in ftp_upload.php.
This is similar to the -m command in ncftpput.
 
Thanks, I've added it for the next release:
https://www.directadmin.com/features.php?id=1796
I might sneak it into the current 1.49.1 packages for future installs/updates.

@Erulezz: For ciphers, this is really handy and can get you the absolute latest list for your setup and openssl version:
https://mozilla.github.io/server-side-tls/ssl-config-generator/
We have to go slightly conservative as a default, as older openssl systems might not like some newer ciphers.
Note: just set the SSLProtocol and SSLCipherSuite in your /etc/httpd/conf/extra/httpd-ssl.conf
Don't enable HSTS globally, or your public_html folders won't get used ever again :) Leave that to Users if it's correct for this setup (can use .htaccess files to do it)
It's currently in the works for CB/apache as well, likely going with an "intermediate" setup. I believe nginx already has the newer list.

John
 
Thanks for that link John, really helpful. :) I would like to use the same strong ciphers as I am using right now with Nginx for DirectAdmin itself, but when I change the ssl_cipher option in directadmin.conf with these strong ciphers I am getting an SSL error when I try to access DA. Is this the only supported suite for DA or am I doing something wrong?

Code:
ssl_cipher=HIGH:!aNULL:!MD5
 
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

With this Cipher:

EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

That is working fine with Nginx :)
 
John,

It would be nice if it could work with the Modern ciphers recommended by Mozilla
https://wiki.mozilla.org/Security/Server_Side_TLS

Modern compatibility
For services that don't need backward compatibility, the parameters below provide a higher level of security. This configuration is compatible with Firefox 27, Chrome 22, IE 11, Opera 14 and Safari 7.

Ciphersuite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK

Versions: TLSv1.1, TLSv1.2
RSA key size: 2048
DH Parameter size: 2048
Elliptic curves: secp256r1, secp384r1, secp521r1 (at a minimum)
Certificate signature: SHA-256
HSTS: max-age=15724800
 
I'm going to have to do some homework on that. Not yet sure what it needs to make the handshake happy with that cipher string.

John
 
Figured it out:
http://www.directadmin.com/features.php?id=1800

Pre-release binaries are available:
http://help.directadmin.com/item.php?id=408

You can now use:
Code:
ssl_cipher=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
John
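
Added example, not part of the thread and not DirectAdmin code: a way to see what an ssl_cipher value actually expands to before putting it in directadmin.conf, comparing the default string with the stricter one quoted above. The function names and the sample config text are assumptions made for illustration, and the expansion uses the OpenSSL build linked into the local Python, which may differ from the one the DirectAdmin binary uses.

```python
import ssl

# Constructed sample config text; only the ssl_cipher line comes from the thread.
SAMPLE_CONF = "ssl=1\nssl_cipher=HIGH:!aNULL:!MD5\n"
# The stricter string quoted in the thread.
STRICT = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"


def read_ssl_cipher(conf_text):
    """Return the ssl_cipher value from directadmin.conf-style text, or None."""
    for line in conf_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "ssl_cipher":
            return value.strip()
    return None


def expand(cipher_string):
    """Expand an OpenSSL cipher string into the suites it selects (TLS 1.2 and below).

    set_ciphers() raises ssl.SSLError when the string selects nothing.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    # TLS 1.3 suites are configured separately in OpenSSL and are always listed,
    # so they are filtered out to show only what the string itself controls.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def key_exchanges(cipher_string):
    """Sorted key-exchange families (e.g. 'kx-rsa', 'kx-ecdhe') the string allows."""
    return sorted({c["kea"] for c in expand(cipher_string)})


def needs_ephemeral_kx(cipher_string):
    """True when every selected suite requires an ECDHE or DHE key exchange."""
    return set(key_exchanges(cipher_string)) <= {"kx-ecdhe", "kx-dhe"}


if __name__ == "__main__":
    for label, value in (("default", read_ssl_cipher(SAMPLE_CONF)), ("strict", STRICT)):
        suites = expand(value)
        print(f"{label}: {len(suites)} suites, key exchange: {key_exchanges(value)}")
        print(f"  ephemeral key exchange only: {needs_ephemeral_kx(value)}")
        for c in suites[:5]:
            print(f"  {c['name']:32} {c['protocol']}")
```

A string for which `needs_ephemeral_kx` is true leaves no static-RSA suite to fall back on, so a handshake only succeeds if both ends can negotiate ECDHE or DHE.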
 