Hi, we just discovered tht we cannot connect with TLS to our Ubuntu 16.04 server running pure-ftpd-mysql-1.0.36-3.2build1. We normally use FileZilla as client and I suspected it is the TLS 1.3 vs 1.2 problem described elsewhere, but I just verified that it does not work also when using WinSCP. When I check the TSL stack with "testssl -t ftp x.x.x.x:21", things look good, I see TLS1.2 and a quite typical SSL setup. But in the WinSCP log I only see > 2019-10-22 13:09:38.416 AUTH TLS < 2019-10-22 13:09:38.432 234 AUTH TLS OK. . 2019-10-22 13:09:53.196 Zeit abgelaufen (Kontrollverbindung) . 2019-10-22 13:09:53.196 Verbindung fehlgeschlagen. and in the syslog of the server I see Oct 22 13:19:22 xxx pure-ftpd: ([email protected]) [INFO] New connection from 220.127.116.11 Oct 22 13:19:22 xxx pure-ftpd: ([email protected]) [DEBUG] Command [auth] [TLS] Oct 22 13:19:37 xxx pure-ftpd: ([email protected]) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms. We have the command line /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -u 1000 -S d.e.f.g,21 -O clf:/var/log/pure-ftpd/transfer.log -D -Y 1 -E -z -H -A -p 64000:64766 -J ALL:!aNULL:!SSLv3 -b -8 UTF-8 -d -B So TLS is not mandatory and we should accept lots of ciphers. Sadly, it is difficult to say what is going wrong here as the server logs do not tell much. When looking at the data stream with TCPDUMP, nothing sensible happens after " FTP: 234 AUTH TLS OK", as if the two sides would not agree on who does the next step. I know pure-ftpd is outside the scope of ispconfig itself - but I many people seem to have various problems with pure-ftpd and TLS lately, so I thought I might ask if this rings a bell with someone. Any hints?