  1. Commons Net
  2. NET-408

problem connecting to ProFTPD with FTPES

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.2, 3.0
    • Fix Version/s: None
    • Component/s: FTP
    • Labels:
      None
    • Environment:

      ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
      ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
      Java 1.5

      Description

      I have a problem with the FTPClient connecting to a ProFTPD server.

      If the server uses the configuration option "TLSProtocol TLSv1", I
      cannot connect to it at all. I receive the following error message:

      • javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection

      On the server side I see in the log:
      unable to accept TLS connection: protocol error:

      • (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
        certificate unknown
      • TLS/TLS-C negotiation failed on control channel

      If the server uses the configuration option "TLSProtocol SSLv23", I
      can connect to it but I can't transfer any files. In the server log I
      see:

      • starting TLS negotiation on data connection
      • TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
      • client did not reuse SSL session, rejecting data connection (see
        TLSOption NoSessionReuseRequired)
      • unable to open data connection: TLS negotiation failed

      If I add the NoSessionReuseRequired parameter to the ProFTPD config
      everything works fine.

      Here is my code:
      // declared as FTPSClient so that execPBSZ/execPROT are available
      FTPSClient ftpClient = new FTPSClient("TLS");

      // this throws an exception with TLSProtocol TLSv1
      ftpClient.connect(host, port);

      int reply = ftpClient.getReplyCode();
      if (!FTPReply.isPositiveCompletion(reply)) {
          ftpClient.disconnect();
          log.error("The FTP Server did not return a positive completion reply!");
          throw new FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
      }

      boolean loginSuccessful = ftpClient.login(userName, password);
      if (!loginSuccessful) {
          log.error("Login to the FTP Server failed! The credentials are not valid.");
          throw new FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
      }

      // request a protected (encrypted) data channel
      ftpClient.execPBSZ(0);
      ftpClient.execPROT("P");

      boolean success = ftpClient.storeFile(fileName, fis);
      if (!success) {
          // this is false if "NoSessionReuseRequired" is not set
      }

      Now my question is if it is generally possible to connect to a server
      with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
      "NoSessionReuseRequired" parameter? Could someone provide a piece of
      example code for this?

        Attachments

        1. PTFTPSClient.java
          21 kB
          Bogdan Drozdowski
        2. proftpd.conf
          3 kB
          Michael Voigt
        3. FTPSClientWithTLSResumption.zip
          28 kB
          Erick Lichtas
        4. ftpes.jpg
          16 kB
          Michael Voigt
        5. BCFTPSClient.java
          35 kB
          Bogdan Drozdowski


              People

              • Assignee:
                Unassigned
                Reporter:
                mivola Michael Voigt
              • Votes:
                8
                Watchers:
                10
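The report quotes two distinct server-side failures: a control-channel handshake that ends in a certificate alert, and a data connection rejected because the TLS session was not reused. The following added example (not part of the report, Commons Net or ProFTPD) groups such log messages per server process so an operator can see which failure each connection hit before deciding to relax `NoSessionReuseRequired`. The message texts are taken from the report; the timestamp and `mod_tls[pid]:` prefix, the finding labels and the weak-cipher pattern are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: message texts are from the report above; the timestamp
# and "mod_tls[pid]:" prefix are assumed, not ProFTPD's documented format.
SAMPLE_LOG = """\
2011-06-01 10:00:01 mod_tls[4101]: unable to accept TLS connection: protocol error:
2011-06-01 10:00:01 mod_tls[4101]: (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
2011-06-01 10:00:01 mod_tls[4101]: TLS/TLS-C negotiation failed on control channel
2011-06-01 10:05:10 mod_tls[4102]: starting TLS negotiation on data connection
2011-06-01 10:05:10 mod_tls[4102]: TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
2011-06-01 10:05:10 mod_tls[4102]: client did not reuse SSL session, rejecting data connection (see TLSOption NoSessionReuseRequired)
2011-06-01 10:05:10 mod_tls[4102]: unable to open data connection: TLS negotiation failed
"""

LINE = re.compile(r"\[(?P<pid>\d+)\]:\s*(?P<msg>.*)$")
CIPHER = re.compile(r"using cipher (?P<name>\S+) \((?P<bits>\d+) bits\)")
WEAK = re.compile(r"RC4|MD5|DES|NULL|EXP")  # legacy algorithms worth flagging


def triage(log_text):
    """Return {pid: sorted findings} for the TLS failures named in the report."""
    findings = defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # line without the assumed "[pid]:" prefix
        pid, msg = m["pid"], m["msg"]
        if "alert certificate unknown" in msg:
            # alert read by the server, i.e. sent by the client
            findings[pid].add("cert-unknown-alert-from-client")
        if "negotiation failed on control channel" in msg:
            findings[pid].add("control-handshake-failed")
        if "client did not reuse SSL session" in msg:
            findings[pid].add("data-session-not-reused")
        c = CIPHER.search(msg)
        if c and WEAK.search(c["name"]):
            findings[pid].add("weak-cipher:" + c["name"])
    return {pid: sorted(found) for pid, found in findings.items()}


if __name__ == "__main__":
    for pid, found in triage(SAMPLE_LOG).items():
        print(pid, ", ".join(found))
```
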
