commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Voigt (JIRA)" <j...@apache.org>
Subject [jira] [Created] (NET-408) problem connecting to ProFTPD with FTPES
Date Wed, 18 May 2011 05:29:47 GMT
problem connecting to ProFTPD with FTPES
----------------------------------------

                 Key: NET-408
                 URL: https://issues.apache.org/jira/browse/NET-408
             Project: Commons Net
          Issue Type: Bug
          Components: FTP
    Affects Versions: 2.2, 3.0
         Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 32bit, Kernel 2.6.16.46-0.12-default
(config file attached)
ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
Java 1.5
            Reporter: Michael Voigt


I have a problem with the FTPClient connecting to a ProFTPD server.

If the server uses the configuration option "TLSProtocol TLSv1", I
cannot connect to it at all. I recieve the following error message:
- javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection

On the server side I see in the log:
unable to accept TLS connection: protocol error:
-  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate unknown
- TLS/TLS-C negotiation failed on control channel

If the server uses the configuration option "TLSProtocol SSLv23", I
can connect to it but I cant transfer any files. In the server log I
see:
- starting TLS negotiation on data connection
- TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
- client did not reuse SSL session, rejecting data connection (see
TLSOption NoSessionReuseRequired)
- unable to open data connection: TLS negotiation failed

If I add the NoSessionReuseRequired parameter to the ProFTPD config
everything works fine.

Here is my code:
               FTPClient ftpClient = new FTPClient();
               ftpClient = new FTPSClient("TLS");

               // this throws an exception with TLSProtocol TLSv1
               ftpClient.connect(host, port);

               int reply = ftpClient.getReplyCode();
               if (!FTPReply.isPositiveCompletion(reply)) {
                       ftpClient.disconnect();
                       log.error("The FTP Server did not return a positive completion reply!");
                       throw new FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
               }

               boolean loginSuccessful = ftpClient.login(userName, password);
               if (!loginSuccessful) {
                       log.error("Login to the FTP Server failed! The credentials are not
valid.");
                       throw new FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
               }

               ftpClient.execPBSZ(0);
               ftpClient.execPROT("P");

               boolean success = ftpClient.storeFile(fileName, fis);
               if (!success) {
                       // this is false if "NoSessionReuseRequired" is not set
               }


Now my question is if it is generally possible to connect to a server
with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
"NoSessionReuseRequired" parameter? Could someone provide a piece of
example code for this?

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message