pure-ftpd unsorted certificate chain

ssgill

Hello, I recently moved from proftpd to pure-ftpd. Now when I connect, FileZilla works fine but it does show an error:

1) Error: Server sent unsorted certificate chain in violation of the TLS specifications

Any ideas? I am using the stock "/etc/pure-ftpd.conf"; I guess that's the default for new installs. Also, in the header of the config file it states that to use this file, run the following command:

/usr/sbin/pure-ftpd /etc/etc/pure-ftpd.conf

This is incorrect; it should be one etc, not two. I modified it and ran this command and did not get any response, so I guess it was all good.


2) I updated my config file to only use TLS 1.2. My edits:

# This option accepts three values:
# 0: disable SSL/TLS encryption layer (default).
# 1: accept both cleartext and encrypted sessions.
# 2: refuse connections that don't use the TLS security mechanism,
# including anonymous sessions.
# Do _not_ uncomment this blindly. Double check that:
# 1) The server has been compiled with TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS 2


# Cipher suite for TLS sessions.
# The default suite is secure and setting this property is usually
# only required to *lower* the security to cope with legacy clients.
# Prefix with -C: in order to require valid client certificates.
# If -C: is used, make sure that clients' public keys are present on
# the server.

# TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
TLSCipherSuite HIGH:MEDIUM:+TLSv1.2:!TLSv1.1:!TLSv1:!SSLv2:!SSLv3

Restarted pure-ftpd and the log file shows:

[INFO] TLS: Enabled TLSv1/SSLv3 with ECDHE-RSA-AES256-GCM-SHA384, 256 secret bits cipher

I was hoping to see TLS 1.2 for the connection. Please advise.

Thanks
 

ssgill

Fixed it by updating /etc/pure-ftpd.pem; it had localhost keys. Changed them to the server key and certificate files and all good now.
 

Albert

Error: Server sent unsorted certificate chain in violation of the TLS specifications
This error can be displayed by FileZilla if the FTP parameter used is an IP address or something not in accordance with the SSL certificate.
ftp.domain.com should be enabled with the SSL certificate and used to connect by FTP; it will avoid this error with FileZilla.
 