

Re: How to implement TLS session resumption in libcurl when connecting to FTPS servers

From: Ray Satiro via curl-library <>
Date: Tue, 26 Apr 2016 03:16:09 -0400

On 4/25/2016 10:03 AM, Moti Avrahami wrote:
> Hello,
> I am using libcurl (v7.47.1) on Windows, together with mbedTLS
> (v2.2.1) as a TLS backend, to connect to FTPS servers.
> Although I managed to connect to some FTPS servers, I encountered a
> problem connecting to FileZilla server, even when I succeeded with
> FileZilla client. After investigating it, I found out it was because of
> a new ability that was added to FileZilla server in v0.9.51, which
> requires clients to implement TLS session resumption*. This
> feature is enabled by default and only after disabling it did I manage
> to connect to the server.
> So my problem is that I can't establish an FTPS session, using my
> libcurl-using client, to FileZilla** server. Is anyone aware of
> this issue, or does anyone know how I can enable it via libcurl?
> Thanks,
> Moti Avrahami
> *The TLS session resumption feature increases the security of the FTPS
> handshake by checking if the TLS session of the data connection
> matches the session of the control connection. In that case, both the
> client and the server have the guarantee that the data connection is
> genuine. (you can read more here:
> **In my case this is FileZilla but as far as I read, this feature has
> started to be adopted by other FTP servers, just like vsftpd, so I
> wonder whether we have a real problem here.

It's a bug. libcurl isn't properly saving and restoring the session for
mbedtls (and probably polarssl). Thomas Glanzmann reported mbedtls
session resume issues several months ago [1] but it looks like I never
followed up. I've started fixing it [2], please try that branch and tell
me if it works for you. Thanks


Received on 2016-04-26
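
An added illustration of the check described in the footnote of the quoted question, and of why a client that does not save and restore its session gets refused. This is not code from the original mail, libcurl, mbedTLS or FileZilla Server: it is a simplified model in which the TLS session ID stands in for the session, and all type and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model types: not taken from FileZilla Server or libcurl. */
#define SID_MAX 32
typedef struct {
    uint8_t id[SID_MAX];   /* TLS session ID negotiated on the connection */
    size_t  len;
    int     resumed;       /* 1 if the handshake resumed an earlier session */
} tls_conn;
typedef enum { DATA_OK, DATA_NOT_RESUMED, DATA_WRONG_SESSION } data_verdict;

/* Server side: accept the data connection only if it resumed the very
   session that protects the control connection. */
data_verdict check_data_conn(const tls_conn *ctrl, const tls_conn *data)
{
    if (!data->resumed)
        return DATA_NOT_RESUMED;
    if (data->len != ctrl->len || memcmp(data->id, ctrl->id, ctrl->len) != 0)
        return DATA_WRONG_SESSION;
    return DATA_OK;
}

/* Client side: a handshake that offers a cached session resumes it; one with
   nothing to offer (session never saved) ends up with a fresh session. */
tls_conn client_handshake(const tls_conn *cached, uint8_t fresh_byte)
{
    tls_conn c;
    memset(&c, 0, sizeof c);
    if (cached) { c = *cached; c.resumed = 1; return c; }
    memset(c.id, fresh_byte, SID_MAX);   /* constructed sample session ID */
    c.len = SID_MAX;
    return c;
}

int main(void)
{
    tls_conn ctrl  = client_handshake(NULL, 0xA1);   /* control channel   */
    tls_conn good  = client_handshake(&ctrl, 0);     /* session restored  */
    tls_conn buggy = client_handshake(NULL, 0xB2);   /* session not saved */
    printf("restored=%d not_saved=%d\n",
           check_data_conn(&ctrl, &good), check_data_conn(&ctrl, &buggy));
    return 0;
}
```
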