
curl-library

Re: How to implement TLS session resumption in libcurl when connecting to FTPS servers

From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 26 Apr 2016 03:16:09 -0400

On 4/25/2016 10:03 AM, Moti Avrahami wrote:
> Hello,
>
> I am using libcurl (v7.47.1) on Windows, together with mbedTLS
> (v2.2.1) as a TLS backend, to connect to FTPS servers.
> Although I managed to connect to some FTPS servers, I encountered a
> problem connecting to FileZilla server, even when I succeeded with
> FileZilla client. After investigating it, I found out it was because of a
> new ability that was added to FileZilla server in v0.9.51, that
> requires clients to implement TLS session resumption*. This
> feature is enabled by default and only after disabling it did I manage
> to connect to the server.
>
> So my problem is that I can't establish an FTPS session, using my
> libcurl-using client, to FileZilla** server. Is anyone aware of
> this issue, or does anyone know how I can enable it via libcurl?
>
> Thanks,
> Moti Avrahami
>
>
> *The TLS session resumption feature increases the security of the FTPS
> handshake by checking if the TLS session of the data connection
> matches the session of the control connection. In that case, both the
> client and the server have the guarantee that the data connection is
> genuine. (you can read more here:
> https://forum.filezilla-project.org/viewtopic.php?t=36903)
>
> **In my case this is FileZilla but as far as I read, this feature has
> started to be adopted by other FTP servers, just like vsftpd, so I
> wonder whether we have a real problem here.
>

It's a bug. libcurl isn't properly saving and restoring the session for
mbedtls (and probably polarssl). Thomas Glanzmann reported mbedtls
session resume issues several months ago [1] but it looks like I never
followed up. I've started fixing it [2], please try that branch and tell
me if it works for you. Thanks

[1]: https://curl.haxx.se/mail/lib-2016-01/0070.html
[2]: https://github.com/jay/curl/compare/master...jay:mbedtls_fix_session_resume?expand=1

Received on 2016-04-26
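An added example, not part of the original mail and not libcurl code: it uses Python's standard `ftplib` and `ssl` modules to show what the footnote above asks of a client, namely that the TLS handshake on the data connection resumes the session of the control connection. The names `SessionReusingFTP_TLS` and `list_directory` are hypothetical, and the host and credentials are supplied by the caller.

```python
import ftplib
import ssl


class SessionReusingFTP_TLS(ftplib.FTP_TLS):
    """FTP_TLS variant whose data connections resume the control session."""

    def ntransfercmd(self, cmd, rest=None):
        # Open the plain TCP data connection via the base FTP class; this
        # bypasses FTP_TLS's own wrap, which negotiates a fresh session.
        conn, size = ftplib.FTP.ntransfercmd(self, cmd, rest)
        if self._prot_p:  # PROT P is active: the data channel must be TLS
            control_session = self.sock.session  # session of the control channel
            conn = self.context.wrap_socket(
                conn,
                server_hostname=self.host,
                session=control_session,  # offer that session for resumption
            )
            # Fail closed instead of transferring over an unrelated session.
            if not conn.session_reused:
                conn.close()
                raise ssl.SSLError(
                    "data connection did not resume the control session")
        return conn, size


def list_directory(host, user, password):
    """List the login directory of an explicit-FTPS server on port 21."""
    ftps = SessionReusingFTP_TLS(context=ssl.create_default_context())
    ftps.connect(host, 21)
    ftps.login(user, password)  # login() issues AUTH TLS before USER/PASS
    ftps.prot_p()               # request a protected data channel
    try:
        return ftps.nlst()
    finally:
        ftps.quit()
```

The `session_reused` check mirrors on the client what the server enforces: a data connection that does not share the control connection's session is rejected.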