no ECDHE cipher suites in vsftpd
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
vsftpd (Ubuntu) | New | Undecided | Unassigned | |
Bug Description
Systeminfo:
Description: Ubuntu 12.04.4 LTS
Release: 12.04
vsftpd:
Installed: 3.0.2-1ubuntu2
Candidate: 3.0.2-1ubuntu2
Version table:
*** 3.0.2-1ubuntu2 0
100 /var/lib/
2.3.5-1ubuntu2 0
500 http://
Problem:
When I try to configure my vsftpd server to use ECDHE-based ciphers, I get the following error (no shared cipher) in the vsftpd.log file.
Thu Apr 3 10:26:58 2014 [pid 20595] CONNECT: Client "<CLIENTIP>"
Thu Apr 3 10:26:58 2014 [pid 20595] FTP response: Client "<CLIENTIP>", "220 v1"
Thu Apr 3 10:26:58 2014 [pid 20595] FTP command: Client "<CLIENTIP>", "AUTH TLS"
Thu Apr 3 10:26:58 2014 [pid 20595] FTP response: Client "<CLIENTIP>", "234 Proceed with negotiation."
Thu Apr 3 10:26:58 2014 [pid 20595] DEBUG: Client "<CLIENTIP>", "SSL_accept failed: error:1408A0C1:SSL routines:
Tests:
Ciphers I have tested (only high security, so: no SHA):
openssl ciphers -v 'EECDH+AESGCM EDH+AESGCM EECDH -RC4 -EDH -CAMELLIA -SEED !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4 !SHA'
ECDHE-RSA-
ECDHE-ECDSA-
ECDHE-RSA-
ECDHE-ECDSA-
ECDHE-RSA-
ECDHE-ECDSA-
ECDHE-RSA-
ECDHE-ECDSA-
The problem also comes up with:
ECDHE-RSA-
ECDHE-ECDSA-
ECDHE-RSA-
ECDHE-ECDSA-
We need this feature for higher security on all FTPS transfers.
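The following is an added example, not part of the original report and not vsftpd code: a small parser for the log format quoted above that pairs each `AUTH TLS` command with a later `SSL_accept failed` line from the same pid and counts failures per client. The sample log, the client addresses and the function names are constructed for illustration; the only error code it knows is the `1408A0C1` shown in the report.

```python
import re
from collections import Counter

# Constructed sample in the vsftpd.log format quoted in the report;
# client addresses are documentation-range placeholders.
SAMPLE_LOG = """\
Thu Apr 3 10:26:58 2014 [pid 20595] CONNECT: Client "192.0.2.10"
Thu Apr 3 10:26:58 2014 [pid 20595] FTP command: Client "192.0.2.10", "AUTH TLS"
Thu Apr 3 10:26:58 2014 [pid 20595] FTP response: Client "192.0.2.10", "234 Proceed with negotiation."
Thu Apr 3 10:26:58 2014 [pid 20595] DEBUG: Client "192.0.2.10", "SSL_accept failed: error:1408A0C1:SSL routines:
Thu Apr 3 10:27:40 2014 [pid 20601] CONNECT: Client "192.0.2.11"
Thu Apr 3 10:27:40 2014 [pid 20601] FTP command: Client "192.0.2.11", "AUTH TLS"
Thu Apr 3 10:27:40 2014 [pid 20601] FTP response: Client "192.0.2.11", "234 Proceed with negotiation."
Thu Apr 3 10:27:41 2014 [pid 20601] FTP command: Client "192.0.2.11", "USER alice"
Thu Apr 3 10:28:02 2014 [pid 20612] FTP command: Client "192.0.2.10", "AUTH TLS"
Thu Apr 3 10:28:02 2014 [pid 20612] DEBUG: Client "192.0.2.10", "SSL_accept failed: error:1408A0C1:SSL routines:
"""

# The closing quote of the message is optional because logged lines may be cut short.
LINE = re.compile(
    r'^(?P<ts>.+?) \[pid (?P<pid>\d+)\] (?P<kind>[^:]+): '
    r'Client "(?P<client>[^"]*)"(?:, "(?P<msg>.*?)"?)?$')
ERR = re.compile(r'SSL_accept failed: error:(?P<code>[0-9A-Fa-f]{8})')
# The report describes error 1408A0C1 as "no shared cipher".
KNOWN = {"1408A0C1": "no shared cipher"}

def tls_failures(log_text):
    """One record per session that sent AUTH TLS and then failed SSL_accept."""
    pending = {}    # pid -> client that sent AUTH TLS, outcome not yet seen
    failures = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, kind, msg = m["pid"], m["kind"], m["msg"] or ""
        if kind == "FTP command" and msg.upper() == "AUTH TLS":
            pending[pid] = m["client"]
        elif kind == "DEBUG" and pid in pending:
            err = ERR.search(msg)
            if err:
                code = err["code"].upper()
                failures.append({"ts": m["ts"], "pid": int(pid),
                                 "client": pending.pop(pid), "code": code,
                                 "reason": KNOWN.get(code, "unknown")})
    return failures

def failures_by_client(log_text):
    """Count failed handshakes per (client, reason) pair."""
    return Counter((f["client"], f["reason"]) for f in tls_failures(log_text))
```

The `FTP command` and `DEBUG` lines it relies on are written only when `log_ftp_protocol` and `debug_ssl` are enabled in vsftpd.conf.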
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.