500 OOPS: unrecognised variable in config file: ssl_tlsv1_1

Bug #1840963 reported by Rob
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
vsftpd (Ubuntu) | Invalid | Undecided | Unassigned |

Bug Description

I'm running several instances of vsftpd on this host but I have disabled them all to investigate this problem.

The vsftps.conf file attached in the bug report is not this config for an SSL-enabled config of vsftpd.conf.

#This is an extract from the actual config /etc/vsftpd_ftps.conf

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

ssl_tlsv1_1=YES
ssl_tlsv1_2=YES
require_ssl_reuse=YES
ssl_ciphers=HIGH

#end config

If I run the command:-

 $ vsftpd /var/vsftpd_ftps.conf

The output is:-
  500 OOPS: unrecognised variable in config file: ssl_tlsv1_1

Ubuntu server release
Description: Ubuntu 18.04.3 LTS
Release: 18.04

I'm not sure if these are supposed to be supported in v3.0.3; however, if you look at https://github.com/InfrastructureServices/vsftpd/blob/master/vsftpd.conf.5 you will see that ssl_tlsv1_1 and ssl_tlsv1_2 are both listed.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: vsftpd 3.0.3-9build1 [modified: lib/systemd/system/vsftpd.service]
ProcVersionSignature: Ubuntu 4.15.0-58.64-generic 4.15.18
Uname: Linux 4.15.0-58-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.7
Architecture: amd64
Date: Wed Aug 21 17:37:24 2019
ProcEnviron:
 TERM=screen-256color
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: vsftpd
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.init.d.vsftpd: [modified]
modified.conffile..etc.vsftpd.conf: [modified]
mtime.conffile..etc.init.d.vsftpd: 2019-08-21T12:43:46.356000
mtime.conffile..etc.vsftpd.conf: 2019-08-21T15:06:27.384000
vsftpd.log:

Rob (rob-kent) wrote :
Paride Legovini (paride) wrote :

Thanks for your report. It seems that the options you mentioned were not present yet in the version of vsftpd shipped with Bionic, and indeed the vsftpd.conf(5) manpage provided by the package in Bionic does not mention them.

The options were documented in the manpage with this commit:

https://github.com/InfrastructureServices/vsftpd/commit/01bef55a1987700af3

dated 2016-11-17, while according to [0] vsftpd 3.0.3 (the version in Bionic) was shipped in 2015. I'm setting the status of this report to Incomplete for the moment. If you agree with what I found out, please close the report by setting its status to Incomplete, or comment back so we can do it. If you still think this is a bug in Ubuntu and I misunderstood your report, please comment with any relevant additional detail, set the report status back to New, and we'll look at it again. Thank you!

[0] https://security.appspot.com/vsftpd.html

Changed in vsftpd (Ubuntu):
status: New → Incomplete
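
The check suggested in the comment above (compare the config against the vsftpd.conf(5) page shipped with the installed package), as an added example that is not part of the original report or of vsftpd. The names `unknown_options` and `demo` are hypothetical, the man page excerpt in `demo` is constructed sample data, and the script assumes the page's roff source introduces each option with `.TP` followed by `.B name`.

```shell
#!/bin/sh
# Added example (not from the bug report): list options in a vsftpd config
# that the installed vsftpd.conf(5) man page does not document.
# Assumption: the man page roff source introduces each option as ".TP"
# followed by ".B option_name"; decompress the installed page first if needed.

# unknown_options CONF MANPAGE_ROFF
# Prints "line N: name" per undocumented option; exit status 1 if any found.
unknown_options() {
    awk -F= '
        phase == 1 {                          # pass 1: man page source
            if ($0 ~ /^\.TP/) { tp = 1; next }
            if (tp && $0 ~ /^\.B[ \t]+[a-z][a-z0-9_]*[ \t]*$/) {
                split($0, w, /[ \t]+/); known[w[2]] = 1
            }
            tp = 0; next
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # pass 2: skip comments and blanks
        !($1 in known) { print "line " FNR ": " $1; bad = 1 }
        END { exit bad + 0 }
    ' phase=1 "$2" phase=2 "$1"
}

# demo: runs the check on a constructed man page excerpt (an option set
# without ssl_tlsv1_1/ssl_tlsv1_2) and the config extract quoted in the report.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' '.SH BOOLEAN OPTIONS' \
        '.TP' '.B require_ssl_reuse' 'constructed text' \
        '.TP' '.B ssl_sslv2' 'Only applies if' '.BR ssl_enable' 'is activated.' \
        '.TP' '.B ssl_sslv3' 'constructed text' \
        '.TP' '.B ssl_tlsv1' 'constructed text' \
        '.SH STRING OPTIONS' \
        '.TP' '.B ssl_ciphers' 'constructed text' > "$dir/vsftpd.conf.5"
    printf '%s\n' '#This is an extract' '' 'ssl_tlsv1=YES' 'ssl_sslv2=NO' \
        'ssl_sslv3=NO' '' 'ssl_tlsv1_1=YES' 'ssl_tlsv1_2=YES' \
        'require_ssl_reuse=YES' 'ssl_ciphers=HIGH' > "$dir/vsftpd_ftps.conf"
    rc=0
    unknown_options "$dir/vsftpd_ftps.conf" "$dir/vsftpd.conf.5" || rc=$?
    rm -rf "$dir"
    return $rc
}

# Command-line use: script CONF MANPAGE_ROFF
if [ "$#" -eq 2 ]; then unknown_options "$1" "$2"; fi
```

Running the check before restarting the daemon reports the offending line numbers instead of stopping at the first `500 OOPS` at startup.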
Rob (rob-kent) wrote :

Ah, thank you Paride.

I see that 3.0.3 was released in July and then that commit was after.

I guess that will come in a later release?

Also thanks for the tip about the man vsftpd.conf

I should in future look there first rather than googling!
Every day is an education!

I'll close it now.

Regards
Robert

Rob (rob-kent) wrote :

Sorry, it's my first report.
I assume I can't close it and it'll just expire in 59 days?

Rob (rob-kent) wrote :

Just to note I think what threw me was this article
https://www.liquidweb.com/kb/configure-vsftpd-ssl/

They have ssl_tlsv1_1 and ssl_tlsv1_2 on their config and above there was a link to install vsftpd on 16.04

Maybe CentOS has a newer version of vsftpd or it's a mistake in that article?

Launchpad Janitor (janitor) wrote :

[Expired for vsftpd (Ubuntu) because there has been no activity for 60 days.]

Changed in vsftpd (Ubuntu):
status: Incomplete → Expired
Bryce Harrington (bryce) wrote :

Thanks for getting back to us, I noticed this just expired but you wanted it marked invalid, so have updated it so.

Changed in vsftpd (Ubuntu):
status: Expired → Invalid
mr calvin (mrcalvin) wrote :

It seems "ssl_tlsv1_1" and "ssl_tlsv1_2" are RHEL patches. And they don't seem to be needed at all as you can use the option `ssl_ciphers=`

See https://serverfault.com/questions/790527/how-to-enable-tls-1-1-minimum-on-vsftpd/1002058#1002058

Rob (rob-kent) wrote :

Thanks for the heads up, Calvin.
