[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[pktripathy (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17800496#comment-17800496
 ] 

pktripathy commented on NET-408:


Gary. Thanks for reply.

Error :  425 Unable to build data connection: TLS session of data connection 
not resumed.

Commons Net Version - 3.10.0, JDK 1.8 (That's intentional as I am using patch 
that change method _prepareDataSocket_ in FTPSClient to manipulate 
SessionHostPortCache. This does not work in latest JDK).

Problem is that Control and Data connection to FTP Server is not using same TLS 
Session.  It might be a Java Problem. 

When control connection is made SSLSessionContextImpl.sessionHostPortCache  
will have an entry with key ":" e.g. localhost:21.

When data connection is made, it is not searching for localhost:21 but  
checking RemotePort so it creates another session and put another key like 
"localhost:54300" in sessionHostPortCache.

 

 

 

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Gary D. Gregory (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17800493#comment-17800493
 ] 

Gary D. Gregory commented on NET-408:
-

It's not clear to me what the needed change is. Feel free to provide a PR on 
GitHub with a matching test. What version of Java and Commons Net are being 
what issue on?

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[pktripathy (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17800482#comment-17800482
 ] 

pktripathy commented on NET-408:


Is it going to be fixed soon? So, it works across all JDK Versions. At the 
moment we can not move to latest JDK.

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Stefan Cordes (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17563042#comment-17563042
 ] 

Stefan Cordes commented on NET-408:
---

In the meantime (2009) the vsftpd released a server version which can 
workaround the missing implementation in the FTPSClient:

{*}require_ssl_reuse{*}=NO

[https://scarybeastsecurity.blogspot.com/2009/02/vsftpd-210-released.html]

_> If your SSL FTP client does not re-use sessions, you can turn this off but 
you would do better to change FTP clients._

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Matthias Perktold (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17484550#comment-17484550
 ] 

Matthias Perktold commented on NET-408:
---

Regarding the problems with FileZilla Server 1.2.0, I [asked on 
Stackoverflow|https://stackoverflow.com/questions/70903926/how-to-establish-a-ftps-data-connection-to-a-filezilla-server-1-2-0]
 and it looks like the workaround doesn't work when TLS 1.3 is used. Does 
anyone have an idea how to adjust the workaround such that it does?

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Matthias Perktold (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17483732#comment-17483732
 ] 

Matthias Perktold commented on NET-408:
---

Somehow my solution stopped working, so I needed to use the code [~eduardo-rs] 
provided, thanks!

Interestingly, it does not work with all servers.

For example, it doesn't work with FileZilla Server 1.2.0 (latest version at the 
time of writing), where I get the following error:
|Code=425 Unable to build data connection: TLS session of data connection not 
resumed.|

 

However, it does work with FileZilla Server 0.9.6.

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Bernd Eckenfels (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17362034#comment-17362034
 ] 

Bernd Eckenfels commented on NET-408:
-

You can use a explicite `––add–opens` this will work besides the removed 
`—illegal-access` option in java 17. but it’s really strange that we get no api 
support in this area for years 

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Stefan (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17361859#comment-17361859
 ] 

Stefan commented on NET-408:


Soon we have a problem. Java 17 - the next LTS - will change the reflection 
warning to an error. Then our workaround can not be used anymore. If this does 
not get higher priority then Java will be unable to connect to modern FTPS 
server. Or we get another property to switch to old behaviour...

BouncyCastle is working on session reuse. But I could not run it with 
FTPSClient. And I do not like to switch one part of our application to 
BouncyCastle because Java ignores this (security) issue.

 

[~eduardo-rs] I found this for Java 16:
{code:java}
In Java 16, it is still possible to restore the situation that existed 
previously by using the --illegal-access command-line switch to allow general 
reflective access to the JDK internals. However, in Java 17, the situation 
changes again: This release removes that command-line switch.{code}

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Eduardo (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17316424#comment-17316424
 ] 

Eduardo commented on NET-408:
-

[~dkoc...@sudo.ch] the code above works in java 14, using 
System.setProperty("jdk.tls.client.enableSessionTicketExtension", 
String.valueOf(false))

but this does not work in java 16, I get the following:

org.apache.commons.net.ftp.FTPConnectionClosedException: Connection closed 
without indication.

Any idea what may be necessary here ?

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Eduardo (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17316422#comment-17316422
 ] 

Eduardo commented on NET-408:
-

 

For anyone interested: 

the code above was not working for me in java 14 or 16, (I think 11 too), 
because the "getHost" method is not available anymore, but the cyberduck code 
helped here: 

[https://github.com/iterate-ch/cyberduck/blob/master/ftp/src/main/java/ch/cyberduck/core/ftp/FTPClient.java]

 
{code:java}
// @Override
protected void _prepareDataSocket_(final Socket socket) {
if(preferences.getBoolean("ftp.tls.session.requirereuse")) {
if(socket instanceof SSLSocket) {
// Control socket is SSL
final SSLSession session = ((SSLSocket) _socket_).getSession();
if(session.isValid()) {
final SSLSessionContext context = 
session.getSessionContext();

context.setSessionCacheSize(preferences.getInteger("ftp.ssl.session.cache.size"));
try {
final Field sessionHostPortCache = 
context.getClass().getDeclaredField("sessionHostPortCache");
sessionHostPortCache.setAccessible(true);
final Object cache = sessionHostPortCache.get(context);
final Method putMethod = 
cache.getClass().getDeclaredMethod("put", Object.class, Object.class);
putMethod.setAccessible(true);
Method getHostMethod;
try {
getHostMethod = 
socket.getClass().getMethod("getPeerHost");
}
catch(NoSuchMethodException e) {
// Running in IKVM
getHostMethod = 
socket.getClass().getDeclaredMethod("getHost");
}
getHostMethod.setAccessible(true);
Object peerHost = getHostMethod.invoke(socket);
putMethod.invoke(cache, String.format("%s:%s", 
peerHost, socket.getPort()).toLowerCase(Locale.ROOT), session);
}
catch(NoSuchFieldException e) {
// Not running in expected JRE
log.warn("No field sessionHostPortCache in 
SSLSessionContext", e);
}
catch(Exception e) {
// Not running in expected JRE
log.warn(e.getMessage());
}
}
else {
log.warn(String.format("SSL session %s for socket %s is not 
rejoinable", session, socket));
}
}
}
}
{code}
 

 

I had to uncomment this though: 

context.setSessionCacheSize(preferences.getInteger("ftp.ssl.session.cache.size"));

Any idea what can be replaced here? Is this necessary anyhow? it seems to work 
out with 

// 
context.setSessionCacheSize(preferences.getInteger("ftp.ssl.session.cache.size"));

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[David Kocher (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17263125#comment-17263125
 ] 

David Kocher commented on NET-408:
--

Additionally on JD14 or later 
{{System.setProperty("jdk.tls.client.enableSessionTicketExtension", 
String.valueOf(false))}} is required.

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Enrico Olivelli (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17152649#comment-17152649
 ] 

Enrico Olivelli commented on NET-408:
-

[~jtoivonoja] is your code working on JDK14 ?

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Jouko Toivonoja (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17152614#comment-17152614
 ] 

Jouko Toivonoja commented on NET-408:
-

Ok, sorry I didn't look at the so carefully

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Enrico Olivelli (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17152582#comment-17152582
 ] 

Enrico Olivelli commented on NET-408:
-

The only difference is that you are using "getHost".

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Enrico Olivelli (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17152580#comment-17152580
 ] 

Enrico Olivelli commented on NET-408:
-

[~jtoivonoja] I am sorry, I already had that trick in my code.

But it stopped working in latest versions of Java.

It does not work on JDK14

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Jouko Toivonoja (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17152499#comment-17152499
 ] 

Jouko Toivonoja commented on NET-408:
-

[~elichtas] I was able to solve this by using the workaround from Cyberduck as 
same as [~mperktold] did.
{code:java}
// Extended implementation using https://trac.cyberduck.io/changeset/10760
public class FTPSClient_withSessionReuse extends FTPSClient {
boolean sessionReuse = false;public FTPSClient_withSessionReuse(boolean 
ftpsIsImplict, SSLContext sc,
boolean sessionReuse) {
super(ftpsIsImplict, sc);
this.sessionReuse = sessionReuse;
}public FTPSClient_withSessionReuse(boolean ftpsIsImplict, SSLContext 
sc) {
super(ftpsIsImplict, sc);
}public FTPSClient_withSessionReuse(boolean ftpsIsImplict) {
super(ftpsIsImplict);
}
// adapted from: https://trac.cyberduck.io/changeset/10760
@Override
protected void _prepareDataSocket_(final Socket socket) throws IOException {
// If session reuse not selected, then go with the original code
if (!sessionReuse) {
super._prepareDataSocket_(socket);
return;
}if (socket instanceof SSLSocket) {
final SSLSession session = ((SSLSocket) _socket_).getSession();
final SSLSessionContext context = session.getSessionContext();
try {
final Field sessionHostPortCache = context.getClass()
.getDeclaredField("sessionHostPortCache");
sessionHostPortCache.setAccessible(true);
final Object cache = sessionHostPortCache.get(context);
final Method putMethod = cache.getClass().getDeclaredMethod(
"put", Object.class, Object.class);
putMethod.setAccessible(true);
final Method getHostMethod = socket.getClass()
.getDeclaredMethod("getHost");
getHostMethod.setAccessible(true);
Object host = getHostMethod.invoke(socket);
final String key = String.format("%s:%s", host,
String.valueOf(socket.getPort())).toLowerCase(
Locale.ROOT);
putMethod.invoke(cache, key, session);
} catch (Exception e) {
// throw TransferException e
}
}
}}
{code}

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if 

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Enrico Olivelli (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17152082#comment-17152082
 ] 

Enrico Olivelli commented on NET-408:
-

[~elichtas]

If I force "clientMode = true" in ChannelSslAdapter.java

the thread is stuck in 
{code:java}
 at 
java.base@14/sun.security.ssl.SSLEngineImpl.writeRecord(SSLEngineImpl.java:180)
at java.base@14/sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:146)
at java.base@14/sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:123)
at java.base@14/javax.net.ssl.SSLEngine.wrap(SSLEngine.java:479)
at 
org.apache.commons.net.io.ext.ChannelSslWritableByteChannel.write(ChannelSslWritableByteChannel.java:66)
at java.base@14/java.nio.channels.Channels.writeFullyImpl(Channels.java:74)
at java.base@14/java.nio.channels.Channels.writeFully(Channels.java:97)
at java.base@14/java.nio.channels.Channels$1.write(Channels.java:172)
- locked <6772e0dc> (a java.nio.channels.Channels$1)
at 
java.base@14/sun.security.ssl.SSLSocketOutputRecord.flush(SSLSocketOutputRecord.java:268)
at 
java.base@14/sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:89)
at 
java.base@14/sun.security.ssl.ClientHello$ClientHelloKickstartProducer.produce(ClientHello.java:657)
at 
java.base@14/sun.security.ssl.SSLHandshake.kickstart(SSLHandshake.java:529)
at 
java.base@14/sun.security.ssl.ClientHandshakeContext.kickstart(ClientHandshakeContext.java:107)
at 
java.base@14/sun.security.ssl.TransportContext.kickstart(TransportContext.java:231)
at 
java.base@14/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:430)
at 
org.apache.commons.net.ftp.FTPSClient._openDataConnection_(FTPSClient.java:682)
at 
org.apache.commons.net.ftp.FTPClient._openDataConnection_(FTPClient.java:790)
at 
org.apache.commons.net.ftp.FTPClient.initiateListParsing(FTPClient.java:3456)
at 
org.apache.commons.net.ftp.FTPClient.initiateListParsing(FTPClient.java:3386)
at org.apache.commons.net.ftp.FTPClient.listFiles(FTPClient.java:3063)
 {code}
 

Unfortunately I do not have experience about how SSLEngine works.

 

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Enrico Olivelli (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17152066#comment-17152066
 ] 

Enrico Olivelli commented on NET-408:
-

[~7265626F6F74]

Thank you very much.

I have now this error:
{code:java}
java.lang.IllegalStateException: Client/Server mode has not yet been 
set.java.lang.IllegalStateException: Client/Server mode has not yet been set. 
at java.base/sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:134) at 
java.base/sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:123) at 
java.base/javax.net.ssl.SSLEngine.wrap(SSLEngine.java:479) at 
org.apache.commons.net.io.ext.ChannelSslWritableByteChannel.write(ChannelSslWritableByteChannel.java:66)
 at java.base/java.nio.channels.Channels.writeFullyImpl(Channels.java:74) at 
java.base/java.nio.channels.Channels.writeFully(Channels.java:97) at 
java.base/java.nio.channels.Channels$1.write(Channels.java:172) at 
java.base/sun.security.ssl.SSLSocketOutputRecord.encodeAlert(SSLSocketOutputRecord.java:82)
 at 
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:355) at 
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:267) at 
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:262) at 
java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1654)
 at 
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:443) 
at 
org.apache.commons.net.ftp.FTPSClient._openDataConnection_(FTPSClient.java:682) 
at 
org.apache.commons.net.ftp.FTPClient._openDataConnection_(FTPClient.java:790) 
at 
org.apache.commons.net.ftp.FTPClient.initiateListParsing(FTPClient.java:3456) 
at 
org.apache.commons.net.ftp.FTPClient.initiateListParsing(FTPClient.java:3386) 
at org.apache.commons.net.ftp.FTPClient.listFiles(FTPClient.java:3063) {code}
 

I am now trying to force "clientMode" in ChannelSslAdapter.java

 

Once I get this to work, could you please send an official patch or commit to 
master branch this patch ?

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
> 

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Erick Lichtas (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17152044#comment-17152044
 ] 

Erick Lichtas commented on NET-408:
---

I cache it the _connectAction_() method. Something like this:
{noformat}
@Override    
protected void _connectAction_() throws IOException {
      if (useTlsResumption){
            // cache the address if resuming tls         
            tlsResumptionAddress = new 
InetSocketAddress(_socket_.getInetAddress(), _socket_.getPort());
      }

      // Implicit mode.
      if (isImplicit) {
            sslNegotiation();
      }
      super._connectAction_();
      // Explicit mode.
      if (!isImplicit) {
            execAUTH();
            sslNegotiation();
      }
}{noformat}
 

 

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Enrico Olivelli (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17152041#comment-17152041
 ] 

Enrico Olivelli commented on NET-408:
-

[~elichtas] how can I compute "tlsResumptionAddress" ?

Probably useTlsResumption is to be set to "true"

 

but I know about the new address  only in _prepareDataSocket_

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Erick Lichtas (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17152043#comment-17152043
 ] 

Erick Lichtas commented on NET-408:
---

[~eolivelli] - you will need to make sure you pass in the appropriate host 
address and port of the control channel when constructing the factories in the 
FTPSClient. That is what the tlsResumptionAddress object does for me in the 
code above.  

Good luck!

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Enrico Olivelli (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17152037#comment-17152037
 ] 

Enrico Olivelli commented on NET-408:
-

Thank you [~elichtas] I am testing it right now !

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Erick Lichtas (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17152035#comment-17152035
 ] 

Erick Lichtas commented on NET-408:
---

[~jtoivonoja] - This case went quiet for a long time and my patch, which was 
still in the works at the time, has since been finalized and has been in use 
for a few years now. I've updated the attached set of libs.  

The biggest problem is that the data connection is on a separate port than the 
control connection. So when java looks up the TLS session for the ftp data 
connection on port 3 (as an example), it doesn't find one - the control 
connection where the session was originally create for port 21.  The patch I've 
attached will instruct the SSLEngine being created to use the original control 
channel host and port. This doesn't impact the socket connection itself, but 
will instruct the JVM to use an existing SSL session if it exists.  

I've added a newer zip file 'FTPSClientWithTLSResumption' with an 
org.apache.commons.net.io.ext package.  Copy that package into your project and 
add the following code block to the appropriate location in the execPROT method 
of the FTPSClient.java class


{code:java}
// Added to execProt command of the FTPSClient.java

if (useTlsResumption) { 
ChannelSslSocketFactory sslSocketFactory = new ChannelSslSocketFactory( 
context); 

sslSocketFactory.setControlHost(tlsResumptionAddress.getAddress().getHostAddress());
sslSocketFactory.setControlPort(tlsResumptionAddress.getPort()); 
setSocketFactory(sslSocketFactory);

ChannelSslServerSocketFactory sslServerSocketFactory = new 
ChannelSslServerSocketFactory( 
context); 

sslServerSocketFactory.setControlHost(tlsResumptionAddress.getAddress().getHostAddress());
   
sslServerSocketFactory.setControlPort(tlsResumptionAddress.getPort()); 
setServerSocketFactory(sslServerSocketFactory);
}
else { 
setSocketFactory(new FTPSSocketFactory(context, _socketFactory_)); 
setServerSocketFactory(new FTPSServerSocketFactory(context));
}
{code}

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
> 

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Enrico Olivelli (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17152031#comment-17152031
 ] 

Enrico Olivelli commented on NET-408:
-

[~elichtas]

I see you uploaded a zip file

is it some kind of patch ?

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Enrico Olivelli (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17150398#comment-17150398
 ] 

Enrico Olivelli commented on NET-408:
-

I have read all of the comments from the past.

It looks like now BC is able to resume the session

[https://www.bouncycastle.org/releasenotes.html]

I am not a TLS expert, is anyone able to try again with BC ?

 

As this is mostly a Java Runtime issue I feel we won't be able to support 
session resumption without a Java release.

So we would need some Java engineer to work on it and then a Java release, and 
then users will have to adopt the most recent Java versionI see it hard to 
happen in the near future.

But it looks like that this requirement of session resumption is more and more 
used by FTPs servers administrators

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Paul Dennis (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16929087#comment-16929087
 ] 

Paul Dennis commented on NET-408:
-

[~mperktold] the long term solution might be 
[https://bugs.openjdk.java.net/browse/JDK-8170813] which references this issue.

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Matthias Perktold (Jira)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16929015#comment-16929015
 ] 

Matthias Perktold commented on NET-408:
---

Is there any progress on this?

I am currently using a workaround suggested on Stackoverflow, which is a copy 
of cyberduck's code:
 [https://stackoverflow.com/a/32404418]

Additionally, on JDK 8u161 or higher, the following System property is required:
{code:java}
System.setProperty("jdk.tls.useExtendedMasterSecret", "false");
{code}
Also, when running on JDK 11, I get the following console output:
{code:java}
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by FTPSClientWithSessionResumption to field 
sun.security.ssl.SSLSessionContextImpl.sessionHostPortCache
WARNING: Please consider reporting this to the maintainers of 
FTPSClientWithSessionResumption
WARNING: Use --illegal-access=warn to enable warnings of further illegal 
reflective access operations
WARNING: All illegal access operations will be denied in a future release
{code}

Which makes it pretty clear that this cannot be a long term solution.

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
>Priority: Major
> Attachments: BCFTPSClient.java, FTPSClientWithTLSResumption.zip, 
> PTFTPSClient.java, ftpes.jpg, proftpd.conf
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Jouko Toivonoja (JIRA)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16055584#comment-16055584
 ] 

Jouko Toivonoja commented on NET-408:
-

Erick Lichtas, I have tried your fix but I'm facing this:
450 TLS session of data connection has not resumed or the session does not 
match the control connection

Any ideas why is this happening?

Pretty sure that the server is FileZilla, but unfortunately I have no control 
over it.

> problem connecting to ProFTPD with FTPES
> 
>
> Key: NET-408
> URL: https://issues.apache.org/jira/browse/NET-408
> Project: Commons Net
>  Issue Type: Bug
>  Components: FTP
>Affects Versions: 2.2, 3.0
> Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
> 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
> ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
> Java 1.5
>Reporter: Michael Voigt
> Attachments: BCFTPSClient.java, ftpes.jpg, 
> FTPSClientWithTLSResumption.zip, proftpd.conf, PTFTPSClient.java
>
>
> I have a problem with the FTPClient connecting to a ProFTPD server.
> If the server uses the configuration option "TLSProtocol TLSv1", I
> cannot connect to it at all. I recieve the following error message:
> - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
> On the server side I see in the log:
> unable to accept TLS connection: protocol error:
> -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
> certificate unknown
> - TLS/TLS-C negotiation failed on control channel
> If the server uses the configuration option "TLSProtocol SSLv23", I
> can connect to it but I cant transfer any files. In the server log I
> see:
> - starting TLS negotiation on data connection
> - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
> - client did not reuse SSL session, rejecting data connection (see
> TLSOption NoSessionReuseRequired)
> - unable to open data connection: TLS negotiation failed
> If I add the NoSessionReuseRequired parameter to the ProFTPD config
> everything works fine.
> Here is my code:
>FTPClient ftpClient = new FTPClient();
>ftpClient = new FTPSClient("TLS");
>// this throws an exception with TLSProtocol TLSv1
>ftpClient.connect(host, port);
>int reply = ftpClient.getReplyCode();
>if (!FTPReply.isPositiveCompletion(reply)) {
>ftpClient.disconnect();
>log.error("The FTP Server did not return a positive 
> completion reply!");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
>}
>boolean loginSuccessful = ftpClient.login(userName, password);
>if (!loginSuccessful) {
>log.error("Login to the FTP Server failed! The 
> credentials are not valid.");
>throw new 
> FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
>}
>ftpClient.execPBSZ(0);
>ftpClient.execPROT("P");
>boolean success = ftpClient.storeFile(fileName, fis);
>if (!success) {
>// this is false if "NoSessionReuseRequired" is not set
>}
> Now my question is if it is generally possible to connect to a server
> with "TLSProtocol TLSv1" or "TLSProtocol SSLv23" without the
> "NoSessionReuseRequired" parameter? Could someone provide a piece of
> example code for this?



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Carlos Bustamante (Commented) (JIRA)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13157139#comment-13157139
 ] 

Carlos Bustamante commented on NET-408:
---

Hi, recently i try to use the claymoresystems, with the Crytix library, *jdk 
1.7, but it shows me an the class Socket is duplicated, and i have reviewed 
this same bug with   proftpd-1.3.3c-1.el5.rf with centos 5.7,

SOLUTION
 use vsftpd with this configuration

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
xferlog_enable=YES
log_ftp_protocol=YES
setproctitle_enable=YES

this works great, without modify the apache commons library.

The problem originated basically was the ciphed method used by proftdp not 
supported





 problem connecting to ProFTPD with FTPES
 

 Key: NET-408
 URL: https://issues.apache.org/jira/browse/NET-408
 Project: Commons Net
  Issue Type: Bug
  Components: FTP
Affects Versions: 2.2, 3.0
 Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
 ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
 Java 1.5
Reporter: Michael Voigt
 Attachments: BCFTPSClient.java, PTFTPSClient.java, ftpes.jpg, 
 proftpd.conf


 I have a problem with the FTPClient connecting to a ProFTPD server.
 If the server uses the configuration option TLSProtocol TLSv1, I
 cannot connect to it at all. I recieve the following error message:
 - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
 On the server side I see in the log:
 unable to accept TLS connection: protocol error:
 -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
 certificate unknown
 - TLS/TLS-C negotiation failed on control channel
 If the server uses the configuration option TLSProtocol SSLv23, I
 can connect to it but I cant transfer any files. In the server log I
 see:
 - starting TLS negotiation on data connection
 - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
 - client did not reuse SSL session, rejecting data connection (see
 TLSOption NoSessionReuseRequired)
 - unable to open data connection: TLS negotiation failed
 If I add the NoSessionReuseRequired parameter to the ProFTPD config
 everything works fine.
 Here is my code:
FTPClient ftpClient = new FTPClient();
ftpClient = new FTPSClient(TLS);
// this throws an exception with TLSProtocol TLSv1
ftpClient.connect(host, port);
int reply = ftpClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(reply)) {
ftpClient.disconnect();
log.error(The FTP Server did not return a positive 
 completion reply!);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
}
boolean loginSuccessful = ftpClient.login(userName, password);
if (!loginSuccessful) {
log.error(Login to the FTP Server failed! The 
 credentials are not valid.);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
}
ftpClient.execPBSZ(0);
ftpClient.execPROT(P);
boolean success = ftpClient.storeFile(fileName, fis);
if (!success) {
// this is false if NoSessionReuseRequired is not set
}
 Now my question is if it is generally possible to connect to a server
 with TLSProtocol TLSv1 or TLSProtocol SSLv23 without the
 NoSessionReuseRequired parameter? Could someone provide a piece of
 example code for this?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[David Kocher (JIRA)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13070984#comment-13070984
 ] 

David Kocher commented on NET-408:
--

The problem is that DefaultTlsClient#notifySessionID(byte[]) is a no op.

 problem connecting to ProFTPD with FTPES
 

 Key: NET-408
 URL: https://issues.apache.org/jira/browse/NET-408
 Project: Commons Net
  Issue Type: Bug
  Components: FTP
Affects Versions: 2.2, 3.0
 Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
 ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
 Java 1.5
Reporter: Michael Voigt
 Attachments: BCFTPSClient.java, PTFTPSClient.java, ftpes.jpg, 
 proftpd.conf


 I have a problem with the FTPClient connecting to a ProFTPD server.
 If the server uses the configuration option TLSProtocol TLSv1, I
 cannot connect to it at all. I recieve the following error message:
 - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
 On the server side I see in the log:
 unable to accept TLS connection: protocol error:
 -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
 certificate unknown
 - TLS/TLS-C negotiation failed on control channel
 If the server uses the configuration option TLSProtocol SSLv23, I
 can connect to it but I cant transfer any files. In the server log I
 see:
 - starting TLS negotiation on data connection
 - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
 - client did not reuse SSL session, rejecting data connection (see
 TLSOption NoSessionReuseRequired)
 - unable to open data connection: TLS negotiation failed
 If I add the NoSessionReuseRequired parameter to the ProFTPD config
 everything works fine.
 Here is my code:
FTPClient ftpClient = new FTPClient();
ftpClient = new FTPSClient(TLS);
// this throws an exception with TLSProtocol TLSv1
ftpClient.connect(host, port);
int reply = ftpClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(reply)) {
ftpClient.disconnect();
log.error(The FTP Server did not return a positive 
 completion reply!);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
}
boolean loginSuccessful = ftpClient.login(userName, password);
if (!loginSuccessful) {
log.error(Login to the FTP Server failed! The 
 credentials are not valid.);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
}
ftpClient.execPBSZ(0);
ftpClient.execPROT(P);
boolean success = ftpClient.storeFile(fileName, fis);
if (!success) {
// this is false if NoSessionReuseRequired is not set
}
 Now my question is if it is generally possible to connect to a server
 with TLSProtocol TLSv1 or TLSProtocol SSLv23 without the
 NoSessionReuseRequired parameter? Could someone provide a piece of
 example code for this?

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[David Kocher (JIRA)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13070986#comment-13070986
 ] 

David Kocher commented on NET-408:
--

I have filed http://www.bouncycastle.org/jira/browse/BJB-7

 problem connecting to ProFTPD with FTPES
 

 Key: NET-408
 URL: https://issues.apache.org/jira/browse/NET-408
 Project: Commons Net
  Issue Type: Bug
  Components: FTP
Affects Versions: 2.2, 3.0
 Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
 ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
 Java 1.5
Reporter: Michael Voigt
 Attachments: BCFTPSClient.java, PTFTPSClient.java, ftpes.jpg, 
 proftpd.conf


 I have a problem with the FTPClient connecting to a ProFTPD server.
 If the server uses the configuration option TLSProtocol TLSv1, I
 cannot connect to it at all. I recieve the following error message:
 - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
 On the server side I see in the log:
 unable to accept TLS connection: protocol error:
 -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
 certificate unknown
 - TLS/TLS-C negotiation failed on control channel
 If the server uses the configuration option TLSProtocol SSLv23, I
 can connect to it but I cant transfer any files. In the server log I
 see:
 - starting TLS negotiation on data connection
 - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
 - client did not reuse SSL session, rejecting data connection (see
 TLSOption NoSessionReuseRequired)
 - unable to open data connection: TLS negotiation failed
 If I add the NoSessionReuseRequired parameter to the ProFTPD config
 everything works fine.
 Here is my code:
FTPClient ftpClient = new FTPClient();
ftpClient = new FTPSClient(TLS);
// this throws an exception with TLSProtocol TLSv1
ftpClient.connect(host, port);
int reply = ftpClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(reply)) {
ftpClient.disconnect();
log.error(The FTP Server did not return a positive 
 completion reply!);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
}
boolean loginSuccessful = ftpClient.login(userName, password);
if (!loginSuccessful) {
log.error(Login to the FTP Server failed! The 
 credentials are not valid.);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
}
ftpClient.execPBSZ(0);
ftpClient.execPROT(P);
boolean success = ftpClient.storeFile(fileName, fis);
if (!success) {
// this is false if NoSessionReuseRequired is not set
}
 Now my question is if it is generally possible to connect to a server
 with TLSProtocol TLSv1 or TLSProtocol SSLv23 without the
 NoSessionReuseRequired parameter? Could someone provide a piece of
 example code for this?

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Bogdan Drozdowski (JIRA)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13057371#comment-13057371
 ] 

Bogdan Drozdowski commented on NET-408:
---

Short-time fix - probably not. As you can see, it's just not that easy. But if 
you find an open-source FTP program in Java that works with your ProFTPd, it 
might help us create something similar in Commons-Net, so let us know as soon 
as you find something.

@David: Yes, TlsProtocolHandler connects TlsClients which have something to do 
with session IDs, so this also might be an option. But, as you say, it's not a 
drop-in. This would also require a partial or complete re-write of the 
FTPSClient. It might be easier to use than PureTLS. Not to mention that it is 
more maintained and up-to-date (PureTLS's ChangLog ends on the year 2002). 
Unfortunately, still a new dependency for Commons-Net.

 problem connecting to ProFTPD with FTPES
 

 Key: NET-408
 URL: https://issues.apache.org/jira/browse/NET-408
 Project: Commons Net
  Issue Type: Bug
  Components: FTP
Affects Versions: 2.2, 3.0
 Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
 ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
 Java 1.5
Reporter: Michael Voigt
 Attachments: ftpes.jpg, proftpd.conf


 I have a problem with the FTPClient connecting to a ProFTPD server.
 If the server uses the configuration option TLSProtocol TLSv1, I
 cannot connect to it at all. I recieve the following error message:
 - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
 On the server side I see in the log:
 unable to accept TLS connection: protocol error:
 -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
 certificate unknown
 - TLS/TLS-C negotiation failed on control channel
 If the server uses the configuration option TLSProtocol SSLv23, I
 can connect to it but I cant transfer any files. In the server log I
 see:
 - starting TLS negotiation on data connection
 - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
 - client did not reuse SSL session, rejecting data connection (see
 TLSOption NoSessionReuseRequired)
 - unable to open data connection: TLS negotiation failed
 If I add the NoSessionReuseRequired parameter to the ProFTPD config
 everything works fine.
 Here is my code:
FTPClient ftpClient = new FTPClient();
ftpClient = new FTPSClient(TLS);
// this throws an exception with TLSProtocol TLSv1
ftpClient.connect(host, port);
int reply = ftpClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(reply)) {
ftpClient.disconnect();
log.error(The FTP Server did not return a positive 
 completion reply!);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
}
boolean loginSuccessful = ftpClient.login(userName, password);
if (!loginSuccessful) {
log.error(Login to the FTP Server failed! The 
 credentials are not valid.);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
}
ftpClient.execPBSZ(0);
ftpClient.execPROT(P);
boolean success = ftpClient.storeFile(fileName, fis);
if (!success) {
// this is false if NoSessionReuseRequired is not set
}
 Now my question is if it is generally possible to connect to a server
 with TLSProtocol TLSv1 or TLSProtocol SSLv23 without the
 NoSessionReuseRequired parameter? Could someone provide a piece of
 example code for this?

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[David Kocher (JIRA)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13055339#comment-13055339
 ] 

David Kocher commented on NET-408:
--

There is also 
[TlsProtocolHandler|http://www.bouncycastle.org/docs/docs1.6/index.html?org/bouncycastle/crypto/tls/TlsProtocolHandler.html]
 from the BouncyCastle project but that wouldn't be a drop-in replacement.

 problem connecting to ProFTPD with FTPES
 

 Key: NET-408
 URL: https://issues.apache.org/jira/browse/NET-408
 Project: Commons Net
  Issue Type: Bug
  Components: FTP
Affects Versions: 2.2, 3.0
 Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
 ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
 Java 1.5
Reporter: Michael Voigt
 Attachments: ftpes.jpg, proftpd.conf


 I have a problem with the FTPClient connecting to a ProFTPD server.
 If the server uses the configuration option TLSProtocol TLSv1, I
 cannot connect to it at all. I recieve the following error message:
 - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
 On the server side I see in the log:
 unable to accept TLS connection: protocol error:
 -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
 certificate unknown
 - TLS/TLS-C negotiation failed on control channel
 If the server uses the configuration option TLSProtocol SSLv23, I
 can connect to it but I cant transfer any files. In the server log I
 see:
 - starting TLS negotiation on data connection
 - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
 - client did not reuse SSL session, rejecting data connection (see
 TLSOption NoSessionReuseRequired)
 - unable to open data connection: TLS negotiation failed
 If I add the NoSessionReuseRequired parameter to the ProFTPD config
 everything works fine.
 Here is my code:
FTPClient ftpClient = new FTPClient();
ftpClient = new FTPSClient(TLS);
// this throws an exception with TLSProtocol TLSv1
ftpClient.connect(host, port);
int reply = ftpClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(reply)) {
ftpClient.disconnect();
log.error(The FTP Server did not return a positive 
 completion reply!);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
}
boolean loginSuccessful = ftpClient.login(userName, password);
if (!loginSuccessful) {
log.error(Login to the FTP Server failed! The 
 credentials are not valid.);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
}
ftpClient.execPBSZ(0);
ftpClient.execPROT(P);
boolean success = ftpClient.storeFile(fileName, fis);
if (!success) {
// this is false if NoSessionReuseRequired is not set
}
 Now my question is if it is generally possible to connect to a server
 with TLSProtocol TLSv1 or TLSProtocol SSLv23 without the
 NoSessionReuseRequired parameter? Could someone provide a piece of
 example code for this?

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Michael Voigt (JIRA)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13055341#comment-13055341
 ] 

Michael Voigt commented on NET-408:
---

Thanks for the investigation. So I guess there will be no (short-time)fix for 
this problem?

I also tried ftp4j in my scenario but there is the same problem. I guess it 
uses the same SSL stuff as FTPClient does.

 problem connecting to ProFTPD with FTPES
 

 Key: NET-408
 URL: https://issues.apache.org/jira/browse/NET-408
 Project: Commons Net
  Issue Type: Bug
  Components: FTP
Affects Versions: 2.2, 3.0
 Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
 ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
 Java 1.5
Reporter: Michael Voigt
 Attachments: ftpes.jpg, proftpd.conf


 I have a problem with the FTPClient connecting to a ProFTPD server.
 If the server uses the configuration option TLSProtocol TLSv1, I
 cannot connect to it at all. I recieve the following error message:
 - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
 On the server side I see in the log:
 unable to accept TLS connection: protocol error:
 -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
 certificate unknown
 - TLS/TLS-C negotiation failed on control channel
 If the server uses the configuration option TLSProtocol SSLv23, I
 can connect to it but I cant transfer any files. In the server log I
 see:
 - starting TLS negotiation on data connection
 - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
 - client did not reuse SSL session, rejecting data connection (see
 TLSOption NoSessionReuseRequired)
 - unable to open data connection: TLS negotiation failed
 If I add the NoSessionReuseRequired parameter to the ProFTPD config
 everything works fine.
 Here is my code:
FTPClient ftpClient = new FTPClient();
ftpClient = new FTPSClient(TLS);
// this throws an exception with TLSProtocol TLSv1
ftpClient.connect(host, port);
int reply = ftpClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(reply)) {
ftpClient.disconnect();
log.error(The FTP Server did not return a positive 
 completion reply!);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
}
boolean loginSuccessful = ftpClient.login(userName, password);
if (!loginSuccessful) {
log.error(Login to the FTP Server failed! The 
 credentials are not valid.);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
}
ftpClient.execPBSZ(0);
ftpClient.execPROT(P);
boolean success = ftpClient.storeFile(fileName, fis);
if (!success) {
// this is false if NoSessionReuseRequired is not set
}
 Now my question is if it is generally possible to connect to a server
 with TLSProtocol TLSv1 or TLSProtocol SSLv23 without the
 NoSessionReuseRequired parameter? Could someone provide a piece of
 example code for this?

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Bogdan Drozdowski (JIRA)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13054937#comment-13054937
 ] 

Bogdan Drozdowski commented on NET-408:
---

I finally got some time to look at this. I confirm the problem exists when 
connecting by IP in both active and passive mode to ProFTPd 1.3.3e. I confirm 
the sessions are different for the control and data connections (as per 
.toString()) despite using one SSLContext everywhere. Disabling session 
creating in server sockets or disabling client mode in them doesn't help.

I looked more closely at the JSSE Reference and yes, you can reuse sessions, 
but the only way you can do it is by passing the same host and port to the 
SSLEngine creation methods. These don't need to be the actual host and port 
you're connecting to (luckily) - they're just a marker or connection 
identifier. The first bad news is that these are just a hint, so the 
implementation might just as well ignore these and always create new SSL 
sessions. The second bad news is that you can't use an SSLEngine anywhere. You 
can't create contexts or sockets with it. The only thing you can do is creating 
your own subset of TLS implementation for your needs, just like in the example 
in the JSSE Reference Guide - you check message types, wrap and unwrap them 
etc. Just creating an SSLEngine from an SSLContext doesn't work, you have to 
use it.

Now better news that I've found: the PureTLS library 
(http://www.rtfm.com/puretls/) seems to do it in an easier way - you specify 
the host and port in the constructors and they're used to find sessions, so 
re-using sessions looks possible. The drawback is that the whole FTPSClient 
would have to be re-written to use this library and a new project dependency 
would have to be introduced, not to mention that PureTLS may not be as secure 
as the original SSL code in the JRE. There also is ftp4j, but it doesn't semm 
to do more that the Commons-Net FTP Client in terms of SSL.

The whole SSL stuff is so wrapped in Java that you can't access the details and 
you don't have full control over what's being done unless you write your own 
implementation.

 problem connecting to ProFTPD with FTPES
 

 Key: NET-408
 URL: https://issues.apache.org/jira/browse/NET-408
 Project: Commons Net
  Issue Type: Bug
  Components: FTP
Affects Versions: 2.2, 3.0
 Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
 ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
 Java 1.5
Reporter: Michael Voigt
 Attachments: ftpes.jpg, proftpd.conf


 I have a problem with the FTPClient connecting to a ProFTPD server.
 If the server uses the configuration option TLSProtocol TLSv1, I
 cannot connect to it at all. I recieve the following error message:
 - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
 On the server side I see in the log:
 unable to accept TLS connection: protocol error:
 -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
 certificate unknown
 - TLS/TLS-C negotiation failed on control channel
 If the server uses the configuration option TLSProtocol SSLv23, I
 can connect to it but I cant transfer any files. In the server log I
 see:
 - starting TLS negotiation on data connection
 - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
 - client did not reuse SSL session, rejecting data connection (see
 TLSOption NoSessionReuseRequired)
 - unable to open data connection: TLS negotiation failed
 If I add the NoSessionReuseRequired parameter to the ProFTPD config
 everything works fine.
 Here is my code:
FTPClient ftpClient = new FTPClient();
ftpClient = new FTPSClient(TLS);
// this throws an exception with TLSProtocol TLSv1
ftpClient.connect(host, port);
int reply = ftpClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(reply)) {
ftpClient.disconnect();
log.error(The FTP Server did not return a positive 
 completion reply!);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
}
boolean loginSuccessful = ftpClient.login(userName, password);
if (!loginSuccessful) {
log.error(Login to the FTP Server failed! The 
 credentials are not valid.);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
}
ftpClient.execPBSZ(0);
ftpClient.execPROT(P);
boolean success = ftpClient.storeFile(fileName, fis);
if (!success) {
// this is false if 

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Michael Voigt (JIRA)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13037740#comment-13037740
 ] 

Michael Voigt commented on NET-408:
---

I also build the ProFTPD with --with-modules=mod_tls and can connect with 
FileZilla but not with NET FTPSClient (even not with IP address).

 problem connecting to ProFTPD with FTPES
 

 Key: NET-408
 URL: https://issues.apache.org/jira/browse/NET-408
 Project: Commons Net
  Issue Type: Bug
  Components: FTP
Affects Versions: 2.2, 3.0
 Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
 ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
 Java 1.5
Reporter: Michael Voigt
 Attachments: ftpes.jpg, proftpd.conf


 I have a problem with the FTPClient connecting to a ProFTPD server.
 If the server uses the configuration option TLSProtocol TLSv1, I
 cannot connect to it at all. I recieve the following error message:
 - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
 On the server side I see in the log:
 unable to accept TLS connection: protocol error:
 -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
 certificate unknown
 - TLS/TLS-C negotiation failed on control channel
 If the server uses the configuration option TLSProtocol SSLv23, I
 can connect to it but I cant transfer any files. In the server log I
 see:
 - starting TLS negotiation on data connection
 - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
 - client did not reuse SSL session, rejecting data connection (see
 TLSOption NoSessionReuseRequired)
 - unable to open data connection: TLS negotiation failed
 If I add the NoSessionReuseRequired parameter to the ProFTPD config
 everything works fine.
 Here is my code:
FTPClient ftpClient = new FTPClient();
ftpClient = new FTPSClient(TLS);
// this throws an exception with TLSProtocol TLSv1
ftpClient.connect(host, port);
int reply = ftpClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(reply)) {
ftpClient.disconnect();
log.error(The FTP Server did not return a positive 
 completion reply!);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
}
boolean loginSuccessful = ftpClient.login(userName, password);
if (!loginSuccessful) {
log.error(Login to the FTP Server failed! The 
 credentials are not valid.);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
}
ftpClient.execPBSZ(0);
ftpClient.execPROT(P);
boolean success = ftpClient.storeFile(fileName, fis);
if (!success) {
// this is false if NoSessionReuseRequired is not set
}
 Now my question is if it is generally possible to connect to a server
 with TLSProtocol TLSv1 or TLSProtocol SSLv23 without the
 NoSessionReuseRequired parameter? Could someone provide a piece of
 example code for this?

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Sebb (JIRA)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13037494#comment-13037494
 ] 

Sebb commented on NET-408:
--

The default ProFtpd package that is available for Ubuntu (and possibly other 
distros) does not include AUTH support, but I was able to build ProFtpd on 
Ubuntu with mod_tls support. I needed to install the libssl-dev package.

Then ran ./configure --with-modules=mod_tls ; make ; make install

This works with FileZilla, but requires NoSessionReuseRequired with the Net 
code, even if connecting by IP address.

 problem connecting to ProFTPD with FTPES
 

 Key: NET-408
 URL: https://issues.apache.org/jira/browse/NET-408
 Project: Commons Net
  Issue Type: Bug
  Components: FTP
Affects Versions: 2.2, 3.0
 Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
 ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
 Java 1.5
Reporter: Michael Voigt
 Attachments: ftpes.jpg, proftpd.conf


 I have a problem with the FTPClient connecting to a ProFTPD server.
 If the server uses the configuration option TLSProtocol TLSv1, I
 cannot connect to it at all. I recieve the following error message:
 - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
 On the server side I see in the log:
 unable to accept TLS connection: protocol error:
 -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
 certificate unknown
 - TLS/TLS-C negotiation failed on control channel
 If the server uses the configuration option TLSProtocol SSLv23, I
 can connect to it but I cant transfer any files. In the server log I
 see:
 - starting TLS negotiation on data connection
 - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
 - client did not reuse SSL session, rejecting data connection (see
 TLSOption NoSessionReuseRequired)
 - unable to open data connection: TLS negotiation failed
 If I add the NoSessionReuseRequired parameter to the ProFTPD config
 everything works fine.
 Here is my code:
FTPClient ftpClient = new FTPClient();
ftpClient = new FTPSClient(TLS);
// this throws an exception with TLSProtocol TLSv1
ftpClient.connect(host, port);
int reply = ftpClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(reply)) {
ftpClient.disconnect();
log.error(The FTP Server did not return a positive 
 completion reply!);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
}
boolean loginSuccessful = ftpClient.login(userName, password);
if (!loginSuccessful) {
log.error(Login to the FTP Server failed! The 
 credentials are not valid.);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
}
ftpClient.execPBSZ(0);
ftpClient.execPROT(P);
boolean success = ftpClient.storeFile(fileName, fis);
if (!success) {
// this is false if NoSessionReuseRequired is not set
}
 Now my question is if it is generally possible to connect to a server
 with TLSProtocol TLSv1 or TLSProtocol SSLv23 without the
 NoSessionReuseRequired parameter? Could someone provide a piece of
 example code for this?

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[David Kocher (JIRA)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13036791#comment-13036791
 ] 

David Kocher commented on NET-408:
--

Does anyone here have an expertise how the caching per hostname and port in the 
SSL context could be altered to provide interoperability with the requirement 
to use the same SSL session for the data channel?

 problem connecting to ProFTPD with FTPES
 

 Key: NET-408
 URL: https://issues.apache.org/jira/browse/NET-408
 Project: Commons Net
  Issue Type: Bug
  Components: FTP
Affects Versions: 2.2, 3.0
 Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
 ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
 Java 1.5
Reporter: Michael Voigt
 Attachments: ftpes.jpg, proftpd.conf


 I have a problem with the FTPClient connecting to a ProFTPD server.
 If the server uses the configuration option TLSProtocol TLSv1, I
 cannot connect to it at all. I recieve the following error message:
 - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
 On the server side I see in the log:
 unable to accept TLS connection: protocol error:
 -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
 certificate unknown
 - TLS/TLS-C negotiation failed on control channel
 If the server uses the configuration option TLSProtocol SSLv23, I
 can connect to it but I cant transfer any files. In the server log I
 see:
 - starting TLS negotiation on data connection
 - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
 - client did not reuse SSL session, rejecting data connection (see
 TLSOption NoSessionReuseRequired)
 - unable to open data connection: TLS negotiation failed
 If I add the NoSessionReuseRequired parameter to the ProFTPD config
 everything works fine.
 Here is my code:
FTPClient ftpClient = new FTPClient();
ftpClient = new FTPSClient(TLS);
// this throws an exception with TLSProtocol TLSv1
ftpClient.connect(host, port);
int reply = ftpClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(reply)) {
ftpClient.disconnect();
log.error(The FTP Server did not return a positive 
 completion reply!);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
}
boolean loginSuccessful = ftpClient.login(userName, password);
if (!loginSuccessful) {
log.error(Login to the FTP Server failed! The 
 credentials are not valid.);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
}
ftpClient.execPBSZ(0);
ftpClient.execPROT(P);
boolean success = ftpClient.storeFile(fileName, fis);
if (!success) {
// this is false if NoSessionReuseRequired is not set
}
 Now my question is if it is generally possible to connect to a server
 with TLSProtocol TLSv1 or TLSProtocol SSLv23 without the
 NoSessionReuseRequired parameter? Could someone provide a piece of
 example code for this?

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Bogdan Drozdowski (JIRA)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13036928#comment-13036928
 ] 

Bogdan Drozdowski commented on NET-408:
---

Some say it's impossible 
(http://forums.oracle.com/forums/thread.jspa?messageID=9279689), but the Java 
SSE Reference guide says (JSSERefGuide.html#SSLSession) the SSLContext, 
SSLSession and SSLEngine can be used to re-use the session, with the help of 
SSLContext.getClientSessionContext(), or by just simply using the same 
SSLContext for the subsequent sockets. On some message board I've also read 
that altering the default behaviour (or adding this functionality) would 
eventually lead to re-implementing many, many classes.

Apache's FTPSClient seems to use the same SSLContext for the control and data 
connections, so this should work. But it may be the problem that the control 
channel connects to the host by name and the data channel connects using the IP 
address (because this is what the PASV command gives), so the addresses may not 
match and the session is not reused.

Michael, could you try connecting to the host by its IP address and checking if 
that works (that is, NoSessionReuseRequired is not required any more)? Could 
you also please check if data transfer works in ACTIVE mode?

 problem connecting to ProFTPD with FTPES
 

 Key: NET-408
 URL: https://issues.apache.org/jira/browse/NET-408
 Project: Commons Net
  Issue Type: Bug
  Components: FTP
Affects Versions: 2.2, 3.0
 Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
 ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
 Java 1.5
Reporter: Michael Voigt
 Attachments: ftpes.jpg, proftpd.conf


 I have a problem with the FTPClient connecting to a ProFTPD server.
 If the server uses the configuration option TLSProtocol TLSv1, I
 cannot connect to it at all. I recieve the following error message:
 - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
 On the server side I see in the log:
 unable to accept TLS connection: protocol error:
 -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
 certificate unknown
 - TLS/TLS-C negotiation failed on control channel
 If the server uses the configuration option TLSProtocol SSLv23, I
 can connect to it but I cant transfer any files. In the server log I
 see:
 - starting TLS negotiation on data connection
 - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
 - client did not reuse SSL session, rejecting data connection (see
 TLSOption NoSessionReuseRequired)
 - unable to open data connection: TLS negotiation failed
 If I add the NoSessionReuseRequired parameter to the ProFTPD config
 everything works fine.
 Here is my code:
FTPClient ftpClient = new FTPClient();
ftpClient = new FTPSClient(TLS);
// this throws an exception with TLSProtocol TLSv1
ftpClient.connect(host, port);
int reply = ftpClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(reply)) {
ftpClient.disconnect();
log.error(The FTP Server did not return a positive 
 completion reply!);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
}
boolean loginSuccessful = ftpClient.login(userName, password);
if (!loginSuccessful) {
log.error(Login to the FTP Server failed! The 
 credentials are not valid.);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
}
ftpClient.execPBSZ(0);
ftpClient.execPROT(P);
boolean success = ftpClient.storeFile(fileName, fis);
if (!success) {
// this is false if NoSessionReuseRequired is not set
}
 Now my question is if it is generally possible to connect to a server
 with TLSProtocol TLSv1 or TLSProtocol SSLv23 without the
 NoSessionReuseRequired parameter? Could someone provide a piece of
 example code for this?

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Michael Voigt (JIRA)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13036006#comment-13036006
 ] 

Michael Voigt commented on NET-408:
---

- adding the TLSv1 protocol helps to connect to the ProFTPD. Thanks for this 
hint!
- but: it still does only wirk with NoSessionReuseRequired set to true
- since it is a customer requirement not to use the NoSessionReuseRequired 
flag, we'll have to find another solution

 problem connecting to ProFTPD with FTPES
 

 Key: NET-408
 URL: https://issues.apache.org/jira/browse/NET-408
 Project: Commons Net
  Issue Type: Bug
  Components: FTP
Affects Versions: 2.2, 3.0
 Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
 ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
 Java 1.5
Reporter: Michael Voigt
 Attachments: ftpes.jpg, proftpd.conf


 I have a problem with the FTPClient connecting to a ProFTPD server.
 If the server uses the configuration option TLSProtocol TLSv1, I
 cannot connect to it at all. I recieve the following error message:
 - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
 On the server side I see in the log:
 unable to accept TLS connection: protocol error:
 -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
 certificate unknown
 - TLS/TLS-C negotiation failed on control channel
 If the server uses the configuration option TLSProtocol SSLv23, I
 can connect to it but I cant transfer any files. In the server log I
 see:
 - starting TLS negotiation on data connection
 - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
 - client did not reuse SSL session, rejecting data connection (see
 TLSOption NoSessionReuseRequired)
 - unable to open data connection: TLS negotiation failed
 If I add the NoSessionReuseRequired parameter to the ProFTPD config
 everything works fine.
 Here is my code:
FTPClient ftpClient = new FTPClient();
ftpClient = new FTPSClient(TLS);
// this throws an exception with TLSProtocol TLSv1
ftpClient.connect(host, port);
int reply = ftpClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(reply)) {
ftpClient.disconnect();
log.error(The FTP Server did not return a positive 
 completion reply!);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
}
boolean loginSuccessful = ftpClient.login(userName, password);
if (!loginSuccessful) {
log.error(Login to the FTP Server failed! The 
 credentials are not valid.);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
}
ftpClient.execPBSZ(0);
ftpClient.execPROT(P);
boolean success = ftpClient.storeFile(fileName, fis);
if (!success) {
// this is false if NoSessionReuseRequired is not set
}
 Now my question is if it is generally possible to connect to a server
 with TLSProtocol TLSv1 or TLSProtocol SSLv23 without the
 NoSessionReuseRequired parameter? Could someone provide a piece of
 example code for this?

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Sebb (JIRA)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13035250#comment-13035250
 ] 

Sebb commented on NET-408:
--

Are you able to connect to the server with other FTP clients? If so which, and 
what settings do you use?

It would help if you could attach a sample of the code you are using.

 problem connecting to ProFTPD with FTPES
 

 Key: NET-408
 URL: https://issues.apache.org/jira/browse/NET-408
 Project: Commons Net
  Issue Type: Bug
  Components: FTP
Affects Versions: 2.2, 3.0
 Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
 ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
 Java 1.5
Reporter: Michael Voigt
 Attachments: proftpd.conf


 I have a problem with the FTPClient connecting to a ProFTPD server.
 If the server uses the configuration option TLSProtocol TLSv1, I
 cannot connect to it at all. I recieve the following error message:
 - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
 On the server side I see in the log:
 unable to accept TLS connection: protocol error:
 -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
 certificate unknown
 - TLS/TLS-C negotiation failed on control channel
 If the server uses the configuration option TLSProtocol SSLv23, I
 can connect to it but I cant transfer any files. In the server log I
 see:
 - starting TLS negotiation on data connection
 - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
 - client did not reuse SSL session, rejecting data connection (see
 TLSOption NoSessionReuseRequired)
 - unable to open data connection: TLS negotiation failed
 If I add the NoSessionReuseRequired parameter to the ProFTPD config
 everything works fine.
 Here is my code:
FTPClient ftpClient = new FTPClient();
ftpClient = new FTPSClient(TLS);
// this throws an exception with TLSProtocol TLSv1
ftpClient.connect(host, port);
int reply = ftpClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(reply)) {
ftpClient.disconnect();
log.error(The FTP Server did not return a positive 
 completion reply!);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
}
boolean loginSuccessful = ftpClient.login(userName, password);
if (!loginSuccessful) {
log.error(Login to the FTP Server failed! The 
 credentials are not valid.);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
}
ftpClient.execPBSZ(0);
ftpClient.execPROT(P);
boolean success = ftpClient.storeFile(fileName, fis);
if (!success) {
// this is false if NoSessionReuseRequired is not set
}
 Now my question is if it is generally possible to connect to a server
 with TLSProtocol TLSv1 or TLSProtocol SSLv23 without the
 NoSessionReuseRequired parameter? Could someone provide a piece of
 example code for this?

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Michael Voigt (JIRA)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13035279#comment-13035279
 ] 

Michael Voigt commented on NET-408:
---

Yes, I can connect to the FTP Server with FileZilla. I attached a screenshot of 
the settings. 
The posted the code I'm using in the issue description.

 problem connecting to ProFTPD with FTPES
 

 Key: NET-408
 URL: https://issues.apache.org/jira/browse/NET-408
 Project: Commons Net
  Issue Type: Bug
  Components: FTP
Affects Versions: 2.2, 3.0
 Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
 ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
 Java 1.5
Reporter: Michael Voigt
 Attachments: ftpes.jpg, proftpd.conf


 I have a problem with the FTPClient connecting to a ProFTPD server.
 If the server uses the configuration option TLSProtocol TLSv1, I
 cannot connect to it at all. I recieve the following error message:
 - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
 On the server side I see in the log:
 unable to accept TLS connection: protocol error:
 -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
 certificate unknown
 - TLS/TLS-C negotiation failed on control channel
 If the server uses the configuration option TLSProtocol SSLv23, I
 can connect to it but I cant transfer any files. In the server log I
 see:
 - starting TLS negotiation on data connection
 - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
 - client did not reuse SSL session, rejecting data connection (see
 TLSOption NoSessionReuseRequired)
 - unable to open data connection: TLS negotiation failed
 If I add the NoSessionReuseRequired parameter to the ProFTPD config
 everything works fine.
 Here is my code:
FTPClient ftpClient = new FTPClient();
ftpClient = new FTPSClient(TLS);
// this throws an exception with TLSProtocol TLSv1
ftpClient.connect(host, port);
int reply = ftpClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(reply)) {
ftpClient.disconnect();
log.error(The FTP Server did not return a positive 
 completion reply!);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
}
boolean loginSuccessful = ftpClient.login(userName, password);
if (!loginSuccessful) {
log.error(Login to the FTP Server failed! The 
 credentials are not valid.);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
}
ftpClient.execPBSZ(0);
ftpClient.execPROT(P);
boolean success = ftpClient.storeFile(fileName, fis);
if (!success) {
// this is false if NoSessionReuseRequired is not set
}
 Now my question is if it is generally possible to connect to a server
 with TLSProtocol TLSv1 or TLSProtocol SSLv23 without the
 NoSessionReuseRequired parameter? Could someone provide a piece of
 example code for this?

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (NET-408) problem connecting to ProFTPD with FTPES

[Bogdan Drozdowski (JIRA)]

[ 
https://issues.apache.org/jira/browse/NET-408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13035478#comment-13035478
 ] 

Bogdan Drozdowski commented on NET-408:
---

Try adding the TLSv1 protocol to the FTPSClient (if it's not there yet) with 
the getEnabledProtocols() and setEnabledProtocols() methods. Also, the server 
displays certificate unknown. Perhaps a client certificate was required by 
the server and none was provided to the FTPSCilent class.

About session reusing: it doesn't look like it's implemented in FTPSClient (all 
connections are created fresh), so right now you have to disable requiring 
session reuse in your server.

Try implicit SSL mode and see if you get the same error when connecting.

I won't be much of a help, because my ProFTPd is not SSL-enabled and rejects 
AUTH TLS.

 problem connecting to ProFTPD with FTPES
 

 Key: NET-408
 URL: https://issues.apache.org/jira/browse/NET-408
 Project: Commons Net
  Issue Type: Bug
  Components: FTP
Affects Versions: 2.2, 3.0
 Environment: ProFTPD 1.3.3d on SUSE Linux Enterprise Server 10.1 
 32bit, Kernel 2.6.16.46-0.12-default (config file attached)
 ProFTPD 1.3.3d on OpenSUSE 64bit Linux 2.6.34.8-0.2-desktop
 Java 1.5
Reporter: Michael Voigt
 Attachments: ftpes.jpg, proftpd.conf


 I have a problem with the FTPClient connecting to a ProFTPD server.
 If the server uses the configuration option TLSProtocol TLSv1, I
 cannot connect to it at all. I recieve the following error message:
 - javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection
 On the server side I see in the log:
 unable to accept TLS connection: protocol error:
 -  (1) error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
 certificate unknown
 - TLS/TLS-C negotiation failed on control channel
 If the server uses the configuration option TLSProtocol SSLv23, I
 can connect to it but I cant transfer any files. In the server log I
 see:
 - starting TLS negotiation on data connection
 - TLSv1/SSLv3 renegotiation accepted, using cipher RC4-MD5 (128 bits)
 - client did not reuse SSL session, rejecting data connection (see
 TLSOption NoSessionReuseRequired)
 - unable to open data connection: TLS negotiation failed
 If I add the NoSessionReuseRequired parameter to the ProFTPD config
 everything works fine.
 Here is my code:
FTPClient ftpClient = new FTPClient();
ftpClient = new FTPSClient(TLS);
// this throws an exception with TLSProtocol TLSv1
ftpClient.connect(host, port);
int reply = ftpClient.getReplyCode();
if (!FTPReply.isPositiveCompletion(reply)) {
ftpClient.disconnect();
log.error(The FTP Server did not return a positive 
 completion reply!);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_CONNECTION);
}
boolean loginSuccessful = ftpClient.login(userName, password);
if (!loginSuccessful) {
log.error(Login to the FTP Server failed! The 
 credentials are not valid.);
throw new 
 FtpTransferException(ECCUtils.ERROR_FTP_LOGIN);
}
ftpClient.execPBSZ(0);
ftpClient.execPROT(P);
boolean success = ftpClient.storeFile(fileName, fis);
if (!success) {
// this is false if NoSessionReuseRequired is not set
}
 Now my question is if it is generally possible to connect to a server
 with TLSProtocol TLSv1 or TLSProtocol SSLv23 without the
 NoSessionReuseRequired parameter? Could someone provide a piece of
 example code for this?

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira