TLS 1.3 with FTP over TLS transfers fails; lack of session resumption on data connection #3002
Comments
And this works if the (same) server offers TLS 1.2 or lower?
Yes, it works on 1.2 and lower.
To me, this looks like an openssl issue rather than a curl one. Post handshake, curl does nothing different on 1.3 than for previous TLS versions. Do you happen to know what server or TLS library is running the other end?
The FTP server is vsftpd 3.0.3 using OpenSSL 1.1.1. It also fails on other servers too, such as ProFTPD and Pure-FTPd, also using OpenSSL 1.1.1. Edit: After looking into this more, it appears to be related to TLS session resumption. All modern FTP servers require TLS session resumption to be used for data connections and for some reason this doesn't appear to be working with cURL and TLS 1.3 (at least when using FTP), so the data connection fails. If I disable that requirement on the server-side, the transfer works. I've tested several other FTP clients that are also using OpenSSL 1.1.1 and they seem to work fine, so far only cURL seems to have this problem. I also noticed that when trying to use the flags --tlsv1.0, --tlsv1.1 or --tlsv1.2, there seems to be no effect. It will just attempt to use TLS 1.3 every time.
I've heard this before but for some reason it's never been added to
They set the minimum version to use.
Had the same problem with curl 7.62, but it seems to be fixed in 7.63. Looks like commit 549310e made the difference.
Cool, thanks for this. @graxlop anything else or can we close this now?
Works in 7.63, thanks.
I did this
I expected the following
Start the file transfer.
curl/libcurl version
curl 7.61.0 (x86_64-pc-linux-gnu) libcurl/7.61.0 OpenSSL/1.1.1 zlib/1.2.3
Release-Date: 2018-07-11
Protocols: ftp ftps http https
Features: AsynchDNS Largefile SSL libz HTTPS-proxy
operating system
CentOS 6.10
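An added example, not part of the original issue or of curl's own code: a shell helper that classifies a `curl --version` banner against what this thread reports (curl 7.61.0 and 7.62 failing with OpenSSL 1.1.1, 7.63 working). The function names and the rule that every curl before 7.63.0 built against OpenSSL 1.1.1 or later is affected are assumptions drawn from those reports; the second sample banner is constructed.

```sh
#!/bin/sh
# Added example: classify a `curl --version` banner for the FTPS failure in
# this thread. Assumption: curl older than 7.63.0 built against OpenSSL 1.1.1
# or later is affected (7.61.0 and 7.62 reported failing, 7.63 working).

# ver_lt A B: succeed when dotted numeric version A is lower than B.
ver_lt() {
    va=$1; vb=$2
    for _n in 1 2 3; do
        x=${va%%.*}; y=${vb%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop suffixes such as "k" in 1.0.2k
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $va in *.*) va=${va#*.} ;; *) va=0 ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb=0 ;; esac
    done
    return 1
}

# classify_curl_banner LINE: print affected | fixed | no-tls13 | unknown.
classify_curl_banner() {
    curl_v=$(printf '%s\n' "$1" | sed -n 's/^curl \([0-9][0-9.]*\).*/\1/p')
    ossl_v=$(printf '%s\n' "$1" | sed -n 's/.* OpenSSL\/\([0-9][0-9.]*\).*/\1/p')
    if [ -z "$curl_v" ] || [ -z "$ossl_v" ]; then
        echo unknown       # not a curl banner, or a TLS backend other than OpenSSL
    elif ver_lt "$ossl_v" 1.1.1; then
        echo no-tls13      # OpenSSL releases before 1.1.1 do not offer TLS 1.3
    elif ver_lt "$curl_v" 7.63.0; then
        echo affected      # TLS 1.3 capable, older than the release reported working
    else
        echo fixed
    fi
}

# "--local" checks the curl installed on this host; otherwise classify the
# banner from the issue report followed by a constructed banner.
if [ "${1:-}" = "--local" ]; then
    classify_curl_banner "$(curl --version | head -n 1)"
else
    classify_curl_banner 'curl 7.61.0 (x86_64-pc-linux-gnu) libcurl/7.61.0 OpenSSL/1.1.1 zlib/1.2.3'
    classify_curl_banner 'curl 7.63.0 (x86_64-pc-linux-gnu) libcurl/7.63.0 OpenSSL/1.1.1a zlib/1.2.11'
fi
```

For a client classified as affected that cannot be upgraded, curl's `--tls-max 1.2` option caps the negotiated version, which the `--tlsv1.x` options discussed in the thread do not.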