[Bug 1865461] [NEW] TLSProtocol is ignored -> TLSv1.3 is implicit accepted

[Ralf]

Public bug reported:

proftpd 1.3.5e-1build1
on 18.04.4 LTS (Bionic Beaver)

I have problems using TLSv1.3 connections.

Even with the configuration:
TLSProtocol TLSv1.1 TLSv1.2

the logs show TLSv1.3 connections, which should not be allowed:

mod_tls/2.6[10213]: TLS/TLS-C requested, starting TLS handshake
mod_tls/2.6[10213]: client supports secure renegotiations
mod_tls/2.6[10213]: TLSv1.3 connection accepted, using cipher
TLS_AES_256_GCM_SHA384 (256 bits)
mod_tls/2.6[10213]: Protection set to Private

The following negative directive is not known ans leads to startup errors:
TLSProtocol TLSv1.1 TLSv1.2 -TLSv1.3

Already discussed here: http://bugs.proftpd.org/show_bug.cgi?id=4389

Needs patch for ubuntu!

** Affects: proftpd-dfsg (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of ProFTPD
Maintainance Team, which is subscribed to proftpd-dfsg in Ubuntu.
https://bugs.launchpad.net/bugs/1865461

Title:
  TLSProtocol is ignored -> TLSv1.3 is implicit accepted

Status in proftpd-dfsg package in Ubuntu:
  New

Bug description:
  proftpd 1.3.5e-1build1
  on 18.04.4 LTS (Bionic Beaver)

  I have problems using TLSv1.3 connections.

  Even with the configuration:
  TLSProtocol TLSv1.1 TLSv1.2

  the logs show TLSv1.3 connections, which should not be allowed:

  mod_tls/2.6[10213]: TLS/TLS-C requested, starting TLS handshake
  mod_tls/2.6[10213]: client supports secure renegotiations
  mod_tls/2.6[10213]: TLSv1.3 connection accepted, using cipher
  TLS_AES_256_GCM_SHA384 (256 bits)
  mod_tls/2.6[10213]: Protection set to Private

  The following negative directive is not known ans leads to startup errors:
  TLSProtocol TLSv1.1 TLSv1.2 -TLSv1.3

  Already discussed here: http://bugs.proftpd.org/show_bug.cgi?id=4389

  Needs patch for ubuntu!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1865461/+subscriptions