You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Stefan (Jira)" <ji...@apache.org> on 2021/06/11 15:50:00 UTC
[jira] [Commented] (NET-408) problem connecting to ProFTPD with
FTPES
[ https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17361859#comment-17361859 ]
Stefan commented on NET-408:
----------------------------
Soon we have a problem. Java 17 - the next LTS - will change the reflection warning to an error. Then our workaround can not be used anymore. If this does not get higher priority then Java will be unable to connect to modern FTPS server. Or we get another property to switch to old behaviour...
BouncyCastle is working on session reuse. But I could not run it with FTPSClient. And I do not like to switch one part of our application to BouncyCastle because Java ignores this (security) issue.
[~eduardo-rs] I found this for Java 16:
{code:java}
In Java 16, it is still possible to restore the situation that existed previously by using the --illegal-access command-line switch to allow general reflective access to the JDK internals. However, in Java 17, the situation changes again: This release removes that command-line switch.{code}
> problem connecting to ProFTPD with FTPES
> ----------------------------------------
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
> Issue Type: Bug
> Components: FTP
> Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
> Reporter: Michael Voigt
> Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> - (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
> FTPClient ftpClient = new FTPClient();
> ftpClient = new FTPSClient("TLS");
> // this throws an exception with TLSProtocol TLSv1
> ftpClient.connect(host, port);
> int reply = ftpClient.getReplyCode();
> if (!FTPReply.isPositiveCompletion(reply)) {
> ftpClient.disconnect();
> log.error("The FTP Server did not return a positive completion reply!");
> throw new FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
> }
> boolean loginSuccessful = ftpClient.login(userName, password);
> if (!loginSuccessful) {
> log.error("Login to the FTP Server failed! The credentials are not valid.");
> throw new FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
> }
> ftpClient.execPBSZ(0);
> ftpClient.execPROT("P");
> boolean success = ftpClient.storeFile(fileName, fis);
> if (!success) {
> // this is false if "NoSessionReuseRequired" is not set
> }
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)