I'm stumped, do you have a tip? I can't get a TLS connection to my FTP server (proftpd) to work. On the machine itself it looks fine:

$ openssl s_client -connect localhost:21 -starttls ftp
CONNECTED(00000003)
depth=0 CN = line
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = line
verify return:1
---
Certificate chain
 0 s:/CN=line
[.... OMITTED ....]
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1281 bytes and written 312 bytes
Verification error: self signed certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : [ ..... REMOVED .....]
    Session-ID: [ ..... REMOVED .....]
    Session-ID-ctx:
    Master-Key: [ ..... REMOVED .....]
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1515708844
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
    Extended master secret: no
---
220 ProFTPD 1.3.5b Server (Debian) [::1]

But from "outside" ...

$ openssl s_client -connect 185.162.250.29:21 -starttls ftp
CONNECTED(00000003)
140246464558736:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:797:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 96 bytes and written 285 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1515708954
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

Why "unknown protocol" when it works on localhost?

Best regards,
Ralph

-- 
Mailing list of the Linux User Schwabach (LUSC) e.V.
Before and when posting, please observe http://lusc.de/List-Netiquette and http://lusc.de/List-Howto. Thank you!