Download
Browse source Changelog
Documentation
Project   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Book: Everything curl Report a bug Mail Etiquette
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: FTPS: error 425 on connection re-use - SSL session not being re-used?

From: Ivan Pilipenko <ivan.pilipenko_at_matrix-vision.de>
Date: Mon, 30 Jul 2018 09:18:35 +0200 (CEST)

> Ray Satiro <raysatiro_at_yahoo.com> hat am 27. Juli 2018 um 20:28 geschrieben:
>
>
> On 7/27/2018 5:38 AM, Ivan Pilipenko wrote:
> > Hello,
> >
> > according to [1], the error occurs because proftpd requires the clients to also re-use SSL sessions if the connection is re-used. Setting the corresponding option in proftpd to work around the issue works, so it seems curl is still not re-using SSL sessions correctly. However, according to [2] it was supposed to be fixed back in 2016?
> >
> > Is there anything special I have to do to make libcurl also re-use SSL sessions, or is it still broken/not implemented? I am currently using libcurl 7.60 and as far as I can tell there was nothing related in the 7.61 changelog.
> >
> > [1] http://www.proftpd.org/docs/howto/TLS.html (Frequently Asked Questions, question 1)
> > [2] https://curl.haxx.se/mail/lib-2016-04/0135.html
>
> You are referring to the mbedTLS/PolarSSL fix in 9f498de [1] but you
> didn't mention what SSL backend you're using so this might be a
> different issue. We need the curl -V for curl or curl_version() for
> libcurl and then I will try that combination with proftpd and monitor in
> wireshark to confirm.
>
> [1]: https://github.com/curl/curl/commit/9f498de
>
I am sorry, I forgot to mention that information - here is the output of curl_version():

libcurl/7.60.0 OpenSSL/1.1.0h zlib/1.2.11

I have configured it as follows:

--without-librtmp \
--without-nghttp2 \
--without-libidn2 \
--without-libpsl \
--without-brotli \
--without-idn2 \
--without-psl \
--without-librtmp \
--disable-ldap \
--disable-gopher \
--disable-file \
--disable-dict \
--disable-imap \
--disable-pop3 \
--disable-rtsp \
--disable-smtp \
--disable-telnet \
--disable-tftp \
--disable-smb \
--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt

Basically, just HTTP(S)/FTP(S) support with openSSL. 

-- 
Freundliche Grüße / Best regards
Ivan Pilipenko
---------------------------------------------------------
MATRIX VISION GmbH
Ivan Pilipenko
Entwicklung / Development
Talstrasse 16
D-71570 Oppenweiler
Tel: +49 7191 94 32 430
Fax: +49 7191 94 32 288
e-mail: ivan.pilipenko_at_matrix-vision.de
internet: www.matrix-vision.de
-----------------------------------------------------------------
Upcoming Events:
06.-08. November: VISION, Stuttgart, Germany 
-----------------------------------------------------------------
MATRIX VISION GmbH, Talstrasse 16, DE-71570 Oppenweiler
Registergericht: Amtsgericht Stuttgart, HRB 271090
Geschaeftsfuehrer: Uwe Furtner, Florian Hermle
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2018-07-30