commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Jeffrey (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (NET-479) After upgrade from JRE 1.6 Update 27 to Update 29, cannot logon using FTPS
Date Tue, 04 Sep 2012 14:46:07 GMT

     [ https://issues.apache.org/jira/browse/NET-479?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Mark Jeffrey updated NET-479:
-----------------------------

    Description: 
Using the following code works with JRE Update 27 but not with JRE Update 29 and later (neither
Update 30 nor Update 35 work - and there was no Update 28).

{noformat}
final FTPSClient ftpsClient = new FTPSClient("TLS", true);

ftpsClient.connect("test.ftps.xxxx.com", 6366);
final int replyCode = ftpsClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(replyCode)) {
    throw new RuntimeException();
}
ftpsClient.enterLocalPassiveMode();
if (!ftpsClient.login("user", "pass")) {
   throw new RuntimeException("Cannot logon");
}
{noformat}


With update 29 I receive the exception 'Cannot logon".
I have tried to determine what has changed between the two releases and it seems there have
been some changes to TLS - these are the release notes - with links to the security advisory:
http://www.oracle.com/technetwork/java/javase/6u29-relnotes-507960.html


Update 27 and 29 can be found here:
http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-javase6-419409.html#jdk-6u27-oth-JPR


I also tried this (I can attach the debug output but it didn't seem to differ significantly
between the successful and failed attempts)

{noformat}
System.setProperty("javax.net.debug", "ssl");
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
System.setProperty("sun.security.ssl.allowLegacyHelloMessages" , "true");
{noformat}

Unfortunately I do not have any detailed information on the FTPS server I am connecting to
(it is a Bank's test server).
Any help would be appreciated.

  was:
Using the following code works with JRE Update 27 but not with JRE Update 29 (there was no
28).

{noformat}
final FTPSClient ftpsClient = new FTPSClient("TLS", true);

ftpsClient.connect("test.ftps.xxxx.com", 6366);
final int replyCode = ftpsClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(replyCode)) {
    throw new RuntimeException();
}
ftpsClient.enterLocalPassiveMode();
if (!ftpsClient.login("user", "pass")) {
   throw new RuntimeException("Cannot logon");
}
{noformat}


With update 29 I receive the exception 'Cannot logon".
I have tried to determine what has changed between the two releases and it seems there have
been some changes to TLS - these are the release notes - with links to the security advisory:
http://www.oracle.com/technetwork/java/javase/6u29-relnotes-507960.html


Update 27 and 29 can be found here:
http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-javase6-419409.html#jdk-6u27-oth-JPR


I also tried this (I can attach the debug output but it didn't seem to differ significantly
between the successful and failed attempts)

{noformat}
System.setProperty("javax.net.debug", "ssl");
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
System.setProperty("sun.security.ssl.allowLegacyHelloMessages" , "true");
{noformat}

Unfortunately I do not have any detailed information on the FTPS server I am connecting to
(it is a Bank's test server).
Any help would be appreciated.

    
> After upgrade from JRE 1.6 Update 27 to Update 29, cannot logon using FTPS
> --------------------------------------------------------------------------
>
>                 Key: NET-479
>                 URL: https://issues.apache.org/jira/browse/NET-479
>             Project: Commons Net
>          Issue Type: Bug
>          Components: FTP
>    Affects Versions: 3.1
>            Reporter: Mark Jeffrey
>
> Using the following code works with JRE Update 27 but not with JRE Update 29 and later
(neither Update 30 nor Update 35 work - and there was no Update 28).
> {noformat}
> final FTPSClient ftpsClient = new FTPSClient("TLS", true);
> ftpsClient.connect("test.ftps.xxxx.com", 6366);
> final int replyCode = ftpsClient.getReplyCode();
> if (!FTPReply.isPositiveCompletion(replyCode)) {
>     throw new RuntimeException();
> }
> ftpsClient.enterLocalPassiveMode();
> if (!ftpsClient.login("user", "pass")) {
>    throw new RuntimeException("Cannot logon");
> }
> {noformat}
> With update 29 I receive the exception 'Cannot logon".
> I have tried to determine what has changed between the two releases and it seems there
have been some changes to TLS - these are the release notes - with links to the security advisory:
> http://www.oracle.com/technetwork/java/javase/6u29-relnotes-507960.html
> Update 27 and 29 can be found here:
> http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-javase6-419409.html#jdk-6u27-oth-JPR
> I also tried this (I can attach the debug output but it didn't seem to differ significantly
between the successful and failed attempts)
> {noformat}
> System.setProperty("javax.net.debug", "ssl");
> System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
> System.setProperty("sun.security.ssl.allowLegacyHelloMessages" , "true");
> {noformat}
> Unfortunately I do not have any detailed information on the FTPS server I am connecting
to (it is a Bank's test server).
> Any help would be appreciated.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message