I can't get vsftpd to work with implicit TLS and FTPS. It seems to be the same problem. I've tried so many different settings but nothing helped. I suspect there might be some SSL/TLS incompatibility between the old vsftpd and modern libraries in Debian.
vsftpd version: 3.0.5-0.2 Debian version: 13.2 trixie Kernel: 6.12.57+deb13-amd64 My configuration worked in Debian 10 / buster. But now in 13 / trixie I have the problem described in this bug report here. 1.) Username and password input work. 2.) The user is authenticated OK. In "journalctl -r" I see: "vsftpd[57875]: pam_userdb(vsftpd:auth): user 'myusername' granted access" 3.) But then the connection terminates. No directory listing. I have tested with the latest versions of FileZilla FTP and WinSCP as clients and with curl 8.4.0. The output of curl is: ### $ curl --ssl-reqd ftps://server.example.org:29902/ -u myusername:sup3rs3cr3t -v * Trying 192.168.0.123:29902... * Connected to server.example.org (192.168.0.123) port 29902 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CAfile: /etc/pki/tls/certs/ca-bundle.crt * CApath: none * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * Server certificate: * subject: CN=server.example.org * start date: Dec 15 00:00:00 2025 GMT * expire date: Mar 15 23:59:59 2026 GMT * subjectAltName: host "server.example.org" matched cert's "server.example.org" * issuer: C=AT; O=ZeroSSL; CN=ZeroSSL RSA Domain Secure Site CA * SSL certificate verify ok. * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * old SSL session ID is stale, removing < 220 Welcome to my server > USER myusername < 331 Please specify the password. > PASS sup3rs3cr3t * TLSv1.3 (OUT), TLS alert, protocol version (582): * OpenSSL SSL_read: OpenSSL/1.1.1w: error:1408F10B:SSL routines:ssl3_get_record:wrong version number, errno 0 * Closing connection curl: (56) OpenSSL SSL_read: OpenSSL/1.1.1w: error:1408F10B:SSL routines:ssl3_get_record:wrong version number, errno 0 ### Output of WinSCP: ### SSL3 alert write: fatal: unexpected_message OpenSSL 0A0001BB: bad record type OpenSSL 0A000139: record layer failure Eine bestehende Verbindung wurde softwaregesteuert durch den Hostcomputer abgebrochen. Verbindung zur Gegenstelle abgebrochen Verbindung ist fehlgeschlagen. ### Output of FileZilla: ### Antwort: 220 Welcome to my server Befehl: USER myusername Antwort: 331 Please specify the password. Befehl: PASS ************** Fehler: GnuTLS-Fehler -15 in gnutls_record_recv: An unexpected TLS packet was received. Fehler: Konnte vom Socket nicht lesen: ECONNABORTED - Verbindung abgebrochen Fehler: Herstellen der Verbindung zum Server fehlgeschlagen Status: Nächsten Versuch abwarten... Fehler: Verbindungsversuch durch Benutzer unterbrochen ### Reg
