Vsftpd-tls with internal error 80

Dear Forum, I've recently got vsftpd-tls (v3.03) installed on my Linksys WRT3200ACM router running OpenWrt SNAPSHOT r10899-1c0290c5cc.

What troubles me is that this FTP server works absolutely fine after a fresh start. However, when I disconnect and reconnect again, it gives me this "internal error 80", meaning SSL was not properly shut down. When I restart the vsftpd service again, this error message just goes away.

Any idea on how to fix this? My config file is as follows:

background=YES
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
check_shell=NO
#dirmessage_enable=YES
ftpd_banner=Welcome to Scheng's FTP service.
session_support=NO
syslog_enable=YES
#userlist_enable=YES
#userlist_deny=NO
#userlist_file=/etc/vsftpd/vsftpd.users
#xferlog_enable=YES
#xferlog_file=/var/log/vsftpd.log
#xferlog_std_format=YES
###
### TLS/SSL options
### example key generation: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd_privkey.pem -out /etc/vsftpd/vsftpd_cert.pem -subj /C="DE"/ST="Saxony"/L="Leipzig"/CN="OpenWrt"
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/vsftpd_cert.pem
rsa_private_key_file=/etc/vsftpd/vsftpd_privkey.pem
use_localtime=YES
listen_port=21
chroot_local_user=YES
idle_session_timeout=300
data_connection_timeout=120
guest_enable=YES
guest_username=ftpuser1
#user_config_dir=/etc/vsftpd/vuser_conf
virtual_use_local_privs=YES
pasv_min_port=10060
pasv_max_port=10090
accept_timeout=5
allow_writeable_chroot=YES

Not likely the root of the problem, but these are considered insecure and “banned” in many situations.

SSL, which is now prohibited by RFC7568

One way to “fix” this is to use SSH-based protocols (ssh, scp, sftp, rsync) or HTTP-S. Especially for home users, there are vanishingly small applications where FTP would be a top choice.
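As an added example (not part of the thread and not vsftpd's own tooling), this POSIX sh check reports whether `ssl_sslv2` or `ssl_sslv3` ends up enabled in a vsftpd.conf, the setting the reply above calls insecure. The function names and sample lines are constructed; it assumes vsftpd's config syntax (`#` comments, no spaces around `=`, case-insensitive YES/NO) and that a later line overrides an earlier one.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a vsftpd.conf enables
# the legacy SSLv2/SSLv3 protocols.

# effective_bool FILE KEY DEFAULT
# Prints YES, NO or INVALID for KEY. Assumed vsftpd semantics: '#' starts a
# comment line, no spaces around '=', later lines override earlier ones.
effective_bool() {
    awk -F= -v key="$2" -v val="$3" '
        /^[ \t]*#/ { next }
        $1 == key {
            v = toupper($2); sub(/[ \t\r]+$/, "", v)
            if (v == "YES" || v == "TRUE" || v == "1") val = "YES"
            else if (v == "NO" || v == "FALSE" || v == "0") val = "NO"
            else val = "INVALID"
        }
        END { print val }
    ' "$1"
}

# audit_tls_protocols FILE
# Prints one finding per line; returns 1 if SSLv2 or SSLv3 is enabled.
audit_tls_protocols() {
    conf=$1 rc=0
    if [ "$(effective_bool "$conf" ssl_enable NO)" != YES ]; then
        echo "INFO ssl_enable is off; protocol options have no effect"
        return 0
    fi
    for key in ssl_sslv2 ssl_sslv3; do
        if [ "$(effective_bool "$conf" "$key" NO)" = YES ]; then
            echo "FAIL $key=YES (legacy SSL protocol enabled)"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK ssl_sslv2 and ssl_sslv3 are disabled"
    return "$rc"
}

# Demo on constructed input: the TLS lines from the posted config, then the
# same file after ssl_sslv2=No / ssl_sslv3=No is appended.
demo_conf=$(mktemp)
printf '%s\n' 'ssl_enable=YES' 'ssl_tlsv1=YES' 'ssl_sslv2=YES' 'ssl_sslv3=YES' > "$demo_conf"
audit_tls_protocols "$demo_conf" || true
printf '%s\n' 'ssl_sslv2=No' 'ssl_sslv3=No' >> "$demo_conf"
audit_tls_protocols "$demo_conf" || true
rm -f "$demo_conf"
```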

Thanks, Jeff. So you are saying FTP-TLS is a vanishing protocol, and that may be the cause of the problem? Better to use SSH instead.
If I put

ssl_sslv2=No
ssl_sslv3=No

still the same error 80

While I think it’s a “vanished” protocol, or at least one looking for a problem to solve, it probably isn’t the direct cause of your symptoms.

However, using a modern protocol appropriate for the use case likely avoids the problem you’re having with vsftpd. Personally, I’d probably use the SSH-based protocols for authenticated file transfer, HTTP-S for anonymous file download (and would not allow anonymous file upload at all).

Edit: If sticking with vsftpd, which TLS library is it built against? What are the log messages? That it is marked to background needs to be checked against its init file.

Fair enough. A ProFTP-TLS with a similar setup on CentOS gives no problem at all, so I guess it is due to OpenWrt or vsftpd itself.