# [SOLVED] vsftpd FTP server and client trying to ls dir

## Vieri

Hi,

I just hit a really weird issue.

I'm serving files with FTPS explicit encryption on a Gentoo vsftpd server.

Everything is OK as long as there are fewer than 30 files in a given directory.

As soon as there are 30+ I get a TLS/SSL error on the client, and the dir listing is not available.

```
# emerge --info vsftpd
net-ftp/vsftpd-3.0.2-r1::gentoo was built with the following:
USE="pam ssl tcpd -caps (-selinux) -xinetd" ABI_X86="(64)"
```

The client's FTP log shows:

```
WinSCP v. 5.9.6
. 2017-08-28 14:50:15.489 Data connection opened
. 2017-08-28 14:50:15.489 Trying reuse main TLS session ID
. 2017-08-28 14:50:15.489 TLS layer changed state from none to connected
< 2017-08-28 14:50:15.489 150 Here comes the directory listing.
. 2017-08-28 14:50:15.505 Session ID reused
. 2017-08-28 14:50:15.505 TLS connect: SSLv3 read server hello A
. 2017-08-28 14:50:15.505 TLS connect: SSLv3 read finished A
. 2017-08-28 14:50:15.505 TLS connect: SSLv3 write change cipher spec A
. 2017-08-28 14:50:15.505 TLS connect: SSLv3 write finished A
. 2017-08-28 14:50:15.505 TLS connect: SSLv3 flush data
. 2017-08-28 14:50:15.505 Using TLSv1.2, cipher TLSv1/SSLv3: AES256-GCM-SHA384, 4096 bit RSA, AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
. 2017-08-28 14:50:15.505 TLS connection established
. 2017-08-28 14:50:15.505 SSL3 alert write: fatal: protocol version
. 2017-08-28 14:50:15.505 error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
. 2017-08-28 14:50:15.505 wrong version number
. 2017-08-28 14:50:15.505 TLS layer changed state from connected to closed
. 2017-08-28 14:50:15.505 Data connection closed
```

Here's my vsftpd conf file:

```
dirmessage_enable=YES
dirlist_enable=YES
ftpd_banner=My FTP server
chown_uploads=NO
xferlog_enable=YES
idle_session_timeout=600
data_connection_timeout=120
ascii_upload_enable=NO
ascii_download_enable=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list
listen=YES
listen_address=10.215.144.91
ls_recurse_enable=NO
max_clients=30
max_per_ip=10
anonymous_enable=NO
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
local_max_rate=1310720
pasv_max_port=3000
pasv_min_port=2990
pasv_addr_resolve=YES
pasv_address=ftp.mydomain.org
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/ssl/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/ssl/vsftpd/vsftpd.pem
vsftpd_log_file=/var/log/vsftpd.lan.log
log_ftp_protocol=YES
ssl_ciphers=HIGH
```

What can I try?

Vieri

----------

## VinzC

Have you tried an FTPS client on the local machine (aka the server)?

----------

## Vieri

I switched to proftpd. Works great for now.

Thanks.

----------

## VinzC

Glad you found a way. You're welcome :)

----------

