vsftpd complains about missing TLS 1.3 session reuse when reusing FTP connection #4654

Closed
felixhaedicke opened this issue Nov 28, 2019 · 2 comments

@felixhaedicke (Contributor) commented Nov 28, 2019

When reusing a connection to a vsftp server, e.g. to download several files, the second operation fails.

Example command line:

curl -v --ftp-ssl-reqd ftp://my.ftp.host/path/to/file ftp://my.ftp.host/path/to/file

The first download works fine, and for the second download, the control channel connection is reused. But then, vsftp complains about missing session reuse for the data channel for the second file:

522 SSL connection failed: session reuse required

See vsftp-session-reuse-required-verbose-output.txt for more details.

Is this a bug in vsftp? Or is the bugfix for #3002 not working when reusing a connection?

It works when limiting TLS to max version 1.2:

curl -v --ftp-ssl-reqd --tls-max 1.2 ftp://my.ftp.host/path/to/file ftp://my.ftp.host/path/to/file

And for some reason, the problem does not occur when performing file listings instead of file downloads:

curl -v --ftp-ssl-reqd ftp://my.ftp.host/path/to/dir/ ftp://my.ftp.host/path/to/dir/

curl/libcurl version

curl 7.68.0-DEV (x86_64-pc-linux-gnu) libcurl/7.68.0-DEV OpenSSL/1.1.1d zlib/1.2.11
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets

operating system

Debian 10
also reproducible on Windows 10

@bagder (Member) commented Nov 28, 2019

I don't know why it happens or what the problem is.

But yes, very curious that directory listings are somehow handled differently?!

@Brm-Bremen commented Oct 17, 2021

If I'm at the wrong spot, please correct me.

We have switched out FTP-Server and the new one makes TLS session reuse mandatory.
This works great with most clients.
However we have a CentOS7 server that is not able to connect to the data channel.
It has the following curl version:
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.53.1 zlib/1.2.7 libidn/1.28 libssh2/1.8.0
When trying to connect to the data channel it says:
< 425 Unable to build data connection: TLS session of data connection not resumed.
* server did not report OK, got 425

This is working fine with the local installation of curl on my mac with the following version:
curl 7.64.1 (x86_64-apple-darwin20.0) libcurl/7.64.1 (SecureTransport) LibreSSL/2.8.3 zlib/1.2.11 nghttp2/1.41.0

In which version was this fixed? I am not sure if I am looking in the right place because the entry from 6be2804 is still there on the latest tag of curl, which is far newer than my local installation.
