[issue19500] Error when connecting to FTPS servers not supporting SSL session resuming

Mon, 04 Nov 2013 20:02:37 -0800 

New submission from Ye Wang:

According to RFC4217 (Securing FTP with TLS, aka the FTPS spec), 

http://tools.ietf.org/html/rfc4217.html#section-10.2

"  It is reasonable for the server to insist that the data connection
   uses a TLS cached session.  This might be a cache of a previous data
   connection or of a cleared control connection.  If this is the reason
   for the refusal to allow the data transfer, then the '522' reply
   should indicate this.

   Note: This has an important impact on client design, but allows
   servers to minimize the cycles used during TLS negotiation by
   refusing to perform a full negotiation with a previously
   authenticated client."

It appears that vsftpd server implemented exactly that by enforcing the "SSL 
session reuse between the control and data connection".

http://scarybeastsecurity.blogspot.com/2009/02/vsftpd-210-released.html

Looking at the source of Python core library ftplib.py, there isn't any regard 
to the idea of SSL session reuse between data connection vs. control connection 
(correct me if I am wrong here. I've tried FTP_TLS.transfercmd(cmd[, rest])ΒΆ, 
didn't work). 

This issue is well documented on other FTP clients that supports FTPS, I.E. 
WinSCP: http://winscp.net/tracker/show_bug.cgi?id=668

See test log file attached. A vsftpd server with "require_ssl_reuse" set to 
true in vsftpd.conf would do the trick and can be reproduced.

----------
components: Library (Lib)
files: ftplib-FTPS-bug.txt
messages: 202193
nosy: Ye.Wang
priority: normal
severity: normal
status: open
title: Error when connecting to FTPS servers not supporting SSL session resuming
type: behavior
versions: Python 2.7, Python 3.1, Python 3.2, Python 3.3, Python 3.4, Python 3.5
Added file: http://bugs.python.org/file32505/ftplib-FTPS-bug.txt

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue19500>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to