Mark Jeffrey created NET-479:
--------------------------------
Summary: After upgrade from JRE 1.6 Update 27 to Update 29, cannot
logon using FTPS
Key: NET-479
URL: https://issues.apache.org/jira/browse/NET-479
Project: Commons Net
Issue Type: Bug
Components: FTP
Affects Versions: 3.1
Reporter: Mark Jeffrey
Using the following code works with JRE Update 27 but not with JRE Update 29
(there was no 28).
{noformat}
final FTPSClient ftpsClient = new FTPSClient("TLS", true);
ftpsClient.connect("test.ftps.xxxx.com", 6366);
final int replyCode = ftpsClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(replyCode)) {
throw new RuntimeException();
}
ftpsClient.enterLocalPassiveMode();
if (!ftpsClient.login("user", "pass")) {
throw new RuntimeException("Cannot logon");
}
{noformat}
<p>
With update 29 I receive the exception 'Cannot logon".
I have tried to determine what has changed between the two releases and it
seems there have been some changes to TLS - these are the release notes - with
links to the security advisory:
http://www.oracle.com/technetwork/java/javase/6u29-relnotes-507960.html
<p>
Update 27 and 29 can be found here:
http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-javase6-419409.html#jdk-6u27-oth-JPR
<p>
I also tried this (I can attach the debug output but it didn't seem to differ
significantly between the successful and failed attempts)
{noformat}
System.setProperty("javax.net.debug", "ssl");
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
System.setProperty("sun.security.ssl.allowLegacyHelloMessages" , "true");
{noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
