ftp_upload.php output: curl: (35) error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol


Enter Your Query:
Use '%' for wildcards and quotes for "exact phrases"


Top Level » Ftp

ftp_upload.php output: curl: (35) error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocolLast Modified: Oct 8, 2019, 4:09 pm
When creating a backup, if you hit this error:

User fred has been backed up. <6:27:32>
ftp_upload.php exit code: 35
ftp_upload.php output: curl: (35) error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol
curl return code: 35
<6:27:32>

Although a backup error has occurred, the upload of valid backups would have still been attempted to ftps://remote.server.com/ <6:27:32>

it would likely mean that the remote ftp server is not allowing newer protocols.

If the remote server is on an older OS, say CentOS 5, it could be an issue with newer protocols being dropped, so you might be at an impasse.

However, the remote ftp server may simply be set to not use the newer ciphers.
Once case was found to be with proftpd, so edit:

/etc/proftpd.conf

and find the old TLS code:

<IfModule mod_tls.c>
       TLSEngine on
       TLSLog /var/log/proftpd/proftpd.tls.log
       TLSProtocol SSLv23
       #TLSProtocol TLSv1
       TLSVerifyClient off
       TLSRequired off

       #Certificates
       TLSRSACertificateFile /etc/exim.cert
       TLSRSACertificateKeyFile /etc/exim.key
       #TLSCACertificateFile /etc/ftpd/root.cert.pem

       TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
</IfModule>

and replace it with newer cipher lists (assuming you've got a newer OS that supports TLS 1.2):

<IfModule mod_tls.c>
       TLSEngine on
       TLSLog /var/log/proftpd/proftpd.tls.log
       TLSProtocol TLSv1 TLSv1.1 TLSv1.2
       TLSCipherSuite HIGH:MEDIUM:+TLSv1
       TLSVerifyClient off
       TLSRequired off

       #Certificates
       TLSRSACertificateFile /etc/exim.cert
       TLSRSACertificateKeyFile /etc/exim.key
       #TLSCACertificateFile /etc/ftpd/root.cert.pem
</IfModule>

and restart proftpd:

service proftpd restart



You can always refer to the template at:

/usr/local/directadmin/custombuild/configure/proftpd/conf/proftpd.conf

for any changes to the defaults, but the "|IP|" token needs to be swapped with your server IP, if you are manually installing it.

© 2018 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST