Re: How to implement TLS session resumption in libcurl when connecting to FTPS servers
Date: Tue, 26 Apr 2016 03:16:09 -0400
On 4/25/2016 10:03 AM, Moti Avrahami wrote:
> I am using libcurl (v7.47.1) on Windows, together with mbedTLS
> (v2.2.1) as a TLS backend, to connect to FTPS servers.
> Although I managed to connect to some FTPS servers, I encountered a
> problem connecting to FileZilla server, even though I succeeded with
> FileZilla client. After investigating it, I found out it was because of a
> new ability that was added to FileZilla server in v0.9.51, that
> requires clients to implement TLS session resumption*. This
> feature is enabled by default and only after disabling it, I managed
> to connect to the server.
> So my problem is that I can't establish an FTPS session, using my
> libcurl-using client, to FileZilla** server. Is anyone aware of
> this issue, or does anyone know how I can enable it via libcurl?
> Moti Avrahami
> *The TLS session resumption feature increases the security of the FTPS
> handshake by checking if the TLS session of the data connection
> matches the session of the control connection. In that case, both the
> client and the server have the guarantee that the data connection is
> genuine. (you can read more here:
> **In my case this is FileZilla but as far as I read, this feature has
> started to be adopted by other FTP servers, just like vsftpd, so I
> wonder whether we have a real problem here.
It's a bug. libcurl isn't properly saving and restoring the session for
mbedtls (and probably polarssl). Thomas Glanzmann reported mbedtls
session resume issues several months ago but it looks like I never
followed up. I've started fixing it, please try that branch and tell
me if it works for you. Thanks
List admin: https://cool.haxx.se/list/listinfo/curl-library
Received on 2016-04-26