  1. Commons Net
  2. NET-408

problem connecting to ProFTPD with FTPES

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.2, 3.0
    • Fix Version/s: None
    • Component/s: FTP
    • Labels:
      None
    • Environment:

      ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
      ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
      Java 1.5

      Description

      I have a problem with the FTPClient connecting to a ProFTPD server.

      If the server uses the configuration option "TLSProtocol TLSv1", I
      cannot connect to it at all. I receive the following error message:

      • javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection

      On the server side I see in the log:
      unable to accept TLS connection: protocol error:

      • (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
        certificate unknown
      • TLS/TLS-C negotiation failed on control channel

      If the server uses the configuration option "TLSProtocol SSLv23", I
      can connect to it but I can't transfer any files. In the server log I
      see:

      • starting TLS negotiation on data connection
      • TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
      • client did not reuse SSL session, rejecting data connection (see
        TLSOption NoSessionReuseRequired)
      • unable to open data connection: TLS negotiation failed

      If I add the NoSessionReuseRequired parameter to the ProFTPD config
      everything works fine.

      Here is my code:
      import org.apache.commons.net.ftp.FTPReply;
      import org.apache.commons.net.ftp.FTPSClient;

      // Explicit FTPS; declared as FTPSClient so that execPBSZ/execPROT are available
      FTPSClient ftpClient = new FTPSClient("TLS");

      // this throws an exception with TLSProtocol TLSv1
      ftpClient.connect(host, port);

      int reply = ftpClient.getReplyCode();
      if (!FTPReply.isPositiveCompletion(reply)) {
          ftpClient.disconnect();
          log.error("The FTP Server did not return a positive completion reply!");
          throw new FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
      }

      boolean loginSuccessful = ftpClient.login(userName, password);
      if (!loginSuccessful) {
          log.error("Login to the FTP Server failed! The credentials are not valid.");
          throw new FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
      }

      // Request a TLS-protected data channel (PBSZ 0, PROT P)
      ftpClient.execPBSZ(0);
      ftpClient.execPROT("P");

      boolean success = ftpClient.storeFile(fileName, fis);
      if (!success) {
          // this is false if "NoSessionReuseRequired" is not set
      }

      Now my question is if it is generally possible to connect to a server
      with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
      "NoSessionReuseRequired" parameter? Could someone provide a piece of
      example code for this?

        Attachments

        1. FTPSClientWithTLSResumption.zip
          28 kB
          Erick Lichtas
        2. PTFTPSClient.java
          21 kB
          Bogdan Drozdowski
        3. BCFTPSClient.java
          35 kB
          Bogdan Drozdowski
        4. ftpes.jpg
          16 kB
          Michael Voigt
        5. proftpd.conf
          3 kB
          Michael Voigt

              People

              • Assignee:
                Unassigned
                Reporter:
                mivola Michael Voigt
              • Votes:
                9
                Watchers:
                12

                Dates

                • Created:
                  Updated:
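
Added example, not part of the original report and not code from Commons Net or ProFTPD: a small triage script that separates the two failure modes described in the report by their server-log signatures and records the cipher negotiated on each session. The line layout (`<timestamp> mod_tls[<pid>]: <message>`), the timestamps and the process ids are assumptions; the message texts are the ones quoted in the report.

```python
import re
from collections import defaultdict

# Assumed line layout (not taken from the report): "<timestamp> mod_tls[<pid>]: <message>".
LINE = re.compile(r"\[(?P<pid>\d+)\]:\s*(?P<msg>.*)$")
CIPHER = re.compile(r"using cipher (?P<name>\S+) \(\d+ bits\)")

# Message fragments copied from the server log excerpts in the report.
SIGNATURES = {
    "control_handshake_failed": "TLS/TLS-C negotiation failed on control channel",
    "data_reuse_rejected": "client did not reuse SSL session, rejecting data connection",
}
WEAK_PARTS = ("RC4", "MD5")  # primitives no longer considered safe for TLS


def triage(lines):
    """Group lines by server process id (one per FTP session) and label each session."""
    sessions = defaultdict(lambda: {"findings": [], "ciphers": [], "weak_ciphers": []})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # wrapped continuation lines or unrelated output
        entry = sessions[m["pid"]]
        for label, fragment in SIGNATURES.items():
            if fragment in m["msg"] and label not in entry["findings"]:
                entry["findings"].append(label)
        c = CIPHER.search(m["msg"])
        if c and c["name"] not in entry["ciphers"]:
            entry["ciphers"].append(c["name"])
            if any(part in c["name"].split("-") for part in WEAK_PARTS):
                entry["weak_ciphers"].append(c["name"])
    return dict(sessions)


# Constructed sample: timestamps and pids are invented, messages follow the report.
SAMPLE_LOG = [
    "Jun 01 10:15:02 mod_tls[4101]: unable to accept TLS connection: protocol error:",
    "  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown",
    "Jun 01 10:15:02 mod_tls[4101]: TLS/TLS-C negotiation failed on control channel",
    "Jun 01 10:16:40 mod_tls[4107]: starting TLS negotiation on data connection",
    "Jun 01 10:16:40 mod_tls[4107]: TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)",
    "Jun 01 10:16:40 mod_tls[4107]: client did not reuse SSL session, rejecting data connection (see TLSOption NoSessionReuseRequired)",
    "Jun 01 10:16:40 mod_tls[4107]: unable to open data connection: TLS negotiation failed",
]

if __name__ == "__main__":
    for pid, info in triage(SAMPLE_LOG).items():
        print(pid, info)
```

Sessions labelled `data_reuse_rejected` come from clients that open the data channel with a fresh TLS session instead of resuming the control-channel one.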