curl-library

Re: How to implement TLS session resumption in libcurl when connecting to FTPS servers

From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Thu, 28 Apr 2016 03:02:31 -0400

On 4/26/2016 3:16 AM, Ray Satiro wrote:
> On 4/25/2016 10:03 AM, Moti Avrahami wrote:
>> Hello,
>>
>> I am using libcurl (v7.47.1) on Windows, together with mbedTLS
>> (v2.2.1) as a TLS backend, to connect to FTPS servers.
>> Although I managed to connect to some FTPS servers, I encountered a
>> problem connecting to FileZilla server, even though it succeeded with
>> FileZilla client. After investigating it, I found out it was because of a
>> new ability that was added to FileZilla server in v0.9.51, which
>> requires clients to implement TLS session resumption*. This
>> feature is enabled by default and only after disabling it did I manage
>> to connect to the server.
>>
>> So my problem is that I can't establish an FTPS session, using my
>> libcurl-using client, to FileZilla** server. Is anyone aware of
>> this issue, or does anyone know how I can enable it via libcurl?
>>
>> Thanks,
>> Moti Avrahami
>>
>>
>> *The TLS session resumption feature increases the security of the FTPS
>> handshake by checking if the TLS session of the data connection
>> matches the session of the control connection. In that case, both the
>> client and the server have the guarantee that the data connection is
>> genuine. (you can read more here:
>> https://forum.filezilla-project.org/viewtopic.php?t=36903)
>>
>> **In my case this is FileZilla but as far as I read, this feature has
>> started to be adopted by other FTP servers, just like vsftpd, so I
>> wonder whether we have a real problem here.
>>
>
>
> It's a bug. libcurl isn't properly saving and restoring the session
> for mbedtls (and probably polarssl). Thomas Glanzmann reported mbedtls
> session resume issues several months ago [1] but it looks like I never
> followed up. I've started fixing it [2], please try that branch and
> tell me if it works for you. Thanks
>

Fixed in https://github.com/curl/curl/commit/9f498de

Received on 2016-04-28