Description of problem: lftp does not perform a bi-directional TLS shutdown when used in CCC mode. Upstream has a patch for this issue that works on the RHEL5 version of lftp. Version-Release number of selected component (if applicable): lftp-3.7.11-4.el5 How reproducible: Always (for me) Steps to Reproduce: 1. Set up FTP server that supports CCC (eg ProFTPD 1.3.2) 2. Connect to FTP server using lftp and TLS with the following options: - debug 12 - set ftp:ssl-force true - set ftp:ssl-protect-list yes - set ftp:ssl-protect-data yes - set ftp:ssl-use-ccc yes 3. Connect to the FTP site and attempt a directory listing. Actual results: Directory listing hangs. ProFTPD spits out an error similar to: Oct 15 19:14:04 mod_tls/2.1.2[14893]: SSL_shutdown error [1]: (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Expected results: TLS is shut down and directory listing proceeds normally. Additional info: ProFTPD has a bug[1] that mentions this issue. Also see this[2] thread from the lftp-devel list which includes a patch that addresses the issue. This patch shouldn't change the ABI. I have created a patched version[3] of lftp for EL5 and verified that it fixes the issue (for me). [1] http://bugs.proftpd.org/show_bug.cgi?id=2994 [2] http://www.mail-archive.com/lftp-devel%40uniyar.ac.ru/msg01744.html [3] http://rayvd.fedorapeople.org/lftp/el5/
This would presumably affect RHEL6 depending on what version of lftp is included. I have opened SR #1995962 for this issue as an RFE.
*** This bug has been marked as a duplicate of bug 570495 ***