Cyberduck Mountain Duck CLI

#10468 new defect

FTPS explicit TLS no longer works without client certificate

Reported by: codeskipper Owned by:
Priority: normal Milestone: 7.1
Component: ftp-tls Version: 6.7.0
Severity: major Keywords: TLS, FTPS
Cc: Architecture: Intel
Platform: macOS 10.13


A few years ago I set up an FTP server for a client, and tested with multiple FTP client software it works as expected with explicit TLS and passive transfers. Cyberduck has alway been my favourite file transfer client and it worked just fine.

Server side is setup with vsftpd and with default settings for ssl_request_cert=YES and require_cert=NO. The latter means (according to man page):

If set to yes, all SSL client connections are required to present a client certificate.

Cyberduck now asks me to point to a local certificate in my login keychain and wants to export it. Without completing this I'm no longer able to connect to the FTP server with Cyberduck. When I test this for my client with alternative tools like FileZilla and WinSCP I can still connect fine without configuring a client TLS cert.

This appears to be a bug, i think the use of a client cert should not be mandatory on the client unless the server requires it.

Best, Martinus

Change History (6)

comment:1 Changed on Jan 31, 2019 at 9:28:43 PM by dkocher

  • Milestone set to 6.9.2

comment:2 Changed on Jan 31, 2019 at 9:29:08 PM by dkocher

  • Milestone changed from 6.9.2 to 6.9.3

comment:3 Changed on Feb 15, 2019 at 12:08:10 PM by dkocher

  • Milestone changed from 6.9.3 to 7.0

Ticket retargeted after milestone closed

comment:5 Changed on May 30, 2019 at 9:09:12 PM by dkocher

#10671 closed as duplicate.

comment:6 Changed on May 31, 2019 at 1:39:49 PM by dkocher

  • Milestone changed from 7.0 to 7.1
Note: See TracTickets for help on using tickets.
swiss made software