
curl-library

about TLS session resumption with openssl

From: 胡德鹏 <hudepeng2000_at_163.com>
Date: Wed, 2 Nov 2016 17:02:54 +0800 (CST)

Hi all friends,
I upgraded curl from 7.37 to 7.50.3, working with openssl-1.0.2d, and now the client cannot connect to the FileZilla server through FTPS.
I got the following error log from curl:
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 21 (#0)
< 220-FileZilla Server 0.9.57 beta

< 220-written by Tim Kosse (Tim.Kosse_at_gmx.de)

< 220 Please visit https://filezilla-project.org/

> AUTH TLS

< 234 Using authentication type TLS

* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* SSL connection using TLSv1.1 / ECDHE-RSA-AES256-SHA
* Server certificate:
* subject: C=86; ST=shanghai; L=shanghai; O=abc; OU=abc
* start date: Mar 22 02:30:51 2016 GMT
* expire date: Mar 22 02:30:51 2017 GMT
* issuer: C=86; ST=shanghai; L=shanghai; O=abc; OU=abc
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> USER hci

< 331 Password required for hci

> PASS ******

< 230 Logged on

> PBSZ 0

< 200 PBSZ=0

> PROT P

< 200 Protection level set to P

> PWD

< 257 "/" is current directory.

* Entry path is '/'
> CWD ar14061\ibdir

* ftp_perform ends with SECONDARY: 0
< 250 CWD successful. "/ar14061/ibdir" is current directory.

> EPRT |2|::1|34150|

< 200 Port command successful

* Connect data stream actively
> TYPE A

< 200 Type set to A

> nlst

< 150 Opening data channel for directory listing of "/ar14061/ibdir"

* Maxdownload = -1
* Preparing for accepting server on data port
* Checking for server connect
* Ready to accept data connection from server
* Connection accepted from server
* Doing the SSL/TLS handshake on the data stream
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* Unknown SSL protocol error in connection to localhost:21
* Closing connection 0

It works fine with curl-7.37.0 but fails with curl-7.50.3.
And with curl 7.50.3, it works if I un-tick "Require TLS session resumption on data connection..." in FileZilla Server.

Is there any difference between 7.50 and 7.37 for TLS session resumption with openssl?
Any ideas about this?
Thanks!

Received on 2016-11-02