Ubuntu
proftpd-dfsg package

TLSProtocol is ignored -> TLSv1.3 is implicit accepted

Bug #1865461 reported by Ralf on 2020-03-02

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	proftpd-dfsg (Ubuntu)	New	Undecided	Unassigned

Bug Description

proftpd 1.3.5e-1build1
on 18.04.4 LTS (Bionic Beaver)

I have problems using TLSv1.3 connections.

Even with the configuration:
TLSProtocol TLSv1.1 TLSv1.2

the logs show TLSv1.3 connections, which should not be allowed:

mod_tls/2.6[10213]: TLS/TLS-C requested, starting TLS handshake
mod_tls/2.6[10213]: client supports secure renegotiations
mod_tls/2.6[10213]: TLSv1.3 connection accepted, using cipher
TLS_AES_256_GCM_SHA384 (256 bits)
mod_tls/2.6[10213]: Protection set to Private

The following negative directive is not known ans leads to startup errors:
TLSProtocol TLSv1.1 TLSv1.2 -TLSv1.3

Already discussed here: http://bugs.proftpd.org/show_bug.cgi?id=4389

Needs patch for ubuntu!

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuproftpd-dfsg package

TLSProtocol is ignored -> TLSv1.3 is implicit accepted

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
proftpd-dfsg package