curl-library

How to implement TLS session resumption in libcurl when connecting to FTPS servers

From: Moti Avrahami <moti.dp_at_gmail.com>
Date: Mon, 25 Apr 2016 17:03:00 +0300

Hello,

I am using libcurl (v7.47.1) on Windows, together with mbedTLS (v2.2.1) as
a TLS backend, to connect to FTPS servers.
Although I managed to connect to some FTPS servers, I encountered a problem
connecting to a FileZilla server, even though I succeeded with the FileZilla
client. After investigating it, I found out it was because of a new ability
that was added to FileZilla server in v0.9.51, which requires clients to
implement TLS session resumption*. This feature is enabled by default, and
only after disabling it did I manage to connect to the server.

So my problem is that I can't establish an FTPS session, using my
libcurl-using client, to a FileZilla** server. Is anyone aware of this
issue, or does anyone know how I can enable it via libcurl?

Thanks,
Moti Avrahami

*The TLS session resumption feature increases the security of the FTPS
handshake by checking whether the TLS session of the data connection matches
the session of the control connection. In that case, both the client and the
server have the guarantee that the data connection is genuine. (You can
read more here: https://forum.filezilla-project.org/viewtopic.php?t=36903)

**In my case this is FileZilla, but as far as I have read, this feature has
started to be adopted by other FTP servers, such as vsftpd, so I wonder
whether we have a real problem here.

Received on 2016-04-25