[Cyberduck-trac] [Cyberduck] #10468: FTPS explicit TLS no longer works without client certificate
Cyberduck
trac at cyberduck.io
Thu Sep 20 14:48:02 UTC 2018
#10468: FTPS explicit TLS no longer works without client certificate
----------------------------+-------------------------
Reporter: codeskipper | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: ftp-tls | Version: 6.7.0
Severity: major | Keywords: TLS, FTPS
Architecture: Intel | Platform: macOS 10.13
----------------------------+-------------------------
A few years ago I set up an FTP server for a client, and tested with
multiple FTP client software it works as expected with explicit TLS and
passive transfers. Cyberduck has alway been my favourite file transfer
client and it worked just fine.
Server side is setup with vsftpd and with default settings for
ssl_request_cert=YES and require_cert=NO. The latter means (according to
man page):
If set to yes, all SSL client connections are required to present a
client certificate.
Cyberduck now asks me to point to a local certificate in my login keychain
and wants to export it. Without completing this I'm no longer able to
connect to the FTP server with Cyberduck. When I test this for my client
with alternative tools like FileZilla and WinSCP I can still connect fine
without configuring a client TLS cert.
This appears to be a bug, i think the use of a client cert should not be
mandatory on the client unless the server requires it.
Best,
Martinus
--
Ticket URL: <https://trac.cyberduck.io/ticket/10468>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list