commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bogdan Drozdowski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES
Date Fri, 20 May 2011 16:56:47 GMT

    [ https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13036928#comment-13036928
] 

Bogdan Drozdowski commented on NET-408:
---------------------------------------

Some say it's impossible (http://forums.oracle.com/forums/thread.jspa?messageID=9279689),
but the Java SSE Reference guide says (JSSERefGuide.html#SSLSession) the SSLContext, SSLSession
and SSLEngine can be used to re-use the session, with the help of SSLContext.getClientSessionContext(),
or by just simply using the same SSLContext for the subsequent sockets. On some message board
I've also read that altering the default behaviour (or adding this functionality) would eventually
lead to re-implementing many, many classes.

Apache's FTPSClient seems to use the same SSLContext for the control and data connections,
so this should work. But it may be the problem that the control channel connects to the host
by name and the data channel connects using the IP address (because this is what the PASV
command gives), so the addresses may not match and the session is not reused.

Michael, could you try connecting to the host by its IP address and checking if that works
(that is, NoSessionReuseRequired is not required any more)? Could you also please check if
data transfer works in ACTIVE mode?

> problem connecting to ProFTPD with FTPES
> ----------------------------------------
>
>                 Key: NET-408
>                 URL: https://issues.apache.org/jira/browse/NET-408
>             Project: Commons Net
>          Issue Type: Bug
>          Components: FTP
>    Affects Versions: 2.2, 3.0
>         Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 32bit, Kernel
2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>            Reporter: Michael Voigt
>         Attachments: ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>                FTPClient ftpClient = new FTPClient();
>                ftpClient = new FTPSClient("TLS");
>                // this throws an exception with TLSProtocol TLSv1
>                ftpClient.connect(host, port);
>                int reply = ftpClient.getReplyCode();
>                if (!FTPReply.isPositiveCompletion(reply)) {
>                        ftpClient.disconnect();
>                        log.error("The FTP Server did not return a positive completion
reply!");
>                        throw new FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>                }
>                boolean loginSuccessful = ftpClient.login(userName, password);
>                if (!loginSuccessful) {
>                        log.error("Login to the FTP Server failed! The credentials are
not valid.");
>                        throw new FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>                }
>                ftpClient.execPBSZ(0);
>                ftpClient.execPROT("P");
>                boolean success = ftpClient.storeFile(fileName, fis);
>                if (!success) {
>                        // this is false if "NoSessionReuseRequired" is not set
>                }
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message