Hi Raymond,
that `reuseSession=true` setting would have to rely on subclassing the
FTPS implementation in commons-net and still do reflection tricks that
would tie it to a specific JDK implementation of TLS. Not sure that
this is something for Camel to solve.
It's often that we find ourselves in s
Hi Zoran,
That's a great tip and I think you are right. Just setting the system
property didn't work however. Probably because Camel's own implementation.
For example one can set the SSL/TLS version from system property, but in
Camel this a separate property. It might work when using the "ftpclien
Hi Raymond,
from what I understand the security measure in FileZilla requires that
the same TLS session is used for the control and data connections, am
I correct?
In your research have you come across this StackOverflow post?
https://stackoverflow.com/questions/32398754/how-to-connect-to-ftps-se
I looked again into this issue. The issue occurs, because of TLS session
resumption. There is an option enabled by default on the FileZilla server
to avoid an exploit. See this forum post:
https://forum.filezilla-project.org/viewtopic.php?p=137191#p137191
The proposed solution on StackOverflow is
Yes, I have JCE accessible in the JVM. I am using latest Java 8 Update 201.
As in this anser stackoverflow the unlimited shouldn't be set anymore:
https://golb.hplar.ch/2017/10/JCE-policy-changes-in-Java-SE-8u151-and-8u152.html
To be sure I did enable crypto.policy=unlimited in the security file
Do you have the Java Cryptography Extension (JCE) accessible to your JVM ?
In one case Camel had trouble communicating with an FTPS server which was using
a cipher not available to the default Java installation and I solved it by
installing that extension.
/Björn
On 10/02/2019, 19:09, "ski n"
I'm trying to send some text files to a FTPS server. The FTPS server has
following specifications:
1) FTP Type: FileZilla Server
2) Cryptographic protocol = TLS/SSL Explicit encryption, TLSv1.2
3) Encryption algorithm = TLSv1/SSLv3: ECDHE-RSA-AES256-GCM-SHA384, 2048
bit RSA, ECDHE-RSA-AES256-GCM-S