[ https://issues.apache.org/jira/browse/NET-687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17406296#comment-17406296 ]

Vladimir I commented on NET-687:
--------------------------------

So now it is mandatory to call `execPROT` for FTPS connections; otherwise, it 
sets plain sockets only for data connections and times out after a while 
because the other party is expecting a handshake.

It has issues:

1) For TLS control connections without PROT, we try to use plain sockets for 
data transfer (why? Isn't it logical to use SSL in this case?).

2) All clients have to call `execPROT`, which I believe is fragile since it 
is mandatory now and it should be called before any data-related command.

3) Existing clients are not issuing the PROT command, so it leads to 
incompatibility and issues in all of them (requires an update).

> [FTPS] javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
> --------------------------------------------------------------------------
>
>                 Key: NET-687
>                 URL: https://issues.apache.org/jira/browse/NET-687
>             Project: Commons Net
>          Issue Type: Bug
>          Components: FTP
>    Affects Versions: 3.7
>         Environment: Tested with JDK 8, 11, 13, 14
>            Reporter: Mikael
>            Priority: Major
>             Fix For: 3.7.1
>
>
> After adding the self-signed polynesie.cer certificate to JVM security (_jdk-x.x.x/lib/security_):
> {code:java}
> keytool.exe -import -storepass "changeit" -keystore "./cacerts" -alias polynesie.cer -file ./polynesie.cer -noprompt{code}
> polynesie.cer was obtained by copying the certificate part from the result of this command line:
> {code:java}
> openssl s_client -connect ftp0.gov.pf:21 -starttls ftp{code}
> Trying to retrieve a file with ftpes:
> {code:java}
> java -cp commons-net-examples-3.5.jar;commons-net-3.5.jar examples/ftp/FTPClientExample -A -p TLS,false -e -b ftp0.gov.pf DataVRS/fiche_Station_VRS_VAI1.pdf fiche_Station_VRS_VAI1.pdf{code}
> Produces this exception:
> {code:java}
> javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
>         at java.base/sun.security.ssl.SSLSocketInputRecord.handleUnknownRecord(Unknown Source)
>         at java.base/sun.security.ssl.SSLSocketInputRecord.decode(Unknown Source)
>         at java.base/sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
>         at java.base/sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
>         at java.base/sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
>         at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>         at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>         at org.apache.commons.net.ftp.FTPSClient._openDataConnection_(FTPSClient.java:642)
>         at org.apache.commons.net.ftp.FTPClient._retrieveFile(FTPClient.java:1907)
>         at org.apache.commons.net.ftp.FTPClient.retrieveFile(FTPClient.java:1893)
>         at testFTP2.FTPClientExample.main(FTPClientExample.java:513)
> {code}
> It is probably the same ssl_reuse session error as NET-408.
> The same try with the ftp4j library reports this error:
> {code:java}
> code=522, message= SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
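
The call order the comment above refers to, as an added example (not part of the original message or of Commons Net's own example code): explicit FTPS with `PBSZ 0` and `PROT P` issued before the first data command, so the data channel is wrapped in TLS rather than opened as a plain socket. The host, credentials and file names are placeholders.

```java
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import org.apache.commons.net.ftp.FTP;
import org.apache.commons.net.ftp.FTPReply;
import org.apache.commons.net.ftp.FTPSClient;

public class FtpsProtExample {
    public static void main(String[] args) throws IOException {
        // Placeholder values (assumptions, not taken from the issue).
        String host = "ftp.example.org";
        String remote = "pub/report.pdf";
        String local = "report.pdf";

        // Explicit FTPS ("TLS,false" in the issue's command line):
        // plain connect on port 21, then AUTH TLS on the control channel.
        FTPSClient ftps = new FTPSClient("TLS", false);
        try {
            ftps.connect(host, 21);
            if (!FTPReply.isPositiveCompletion(ftps.getReplyCode())) {
                throw new IOException("Connect refused: " + ftps.getReplyString());
            }
            if (!ftps.login("anonymous", "user@example.org")) {
                throw new IOException("Login failed: " + ftps.getReplyString());
            }

            // PBSZ 0 followed by PROT P, before any data-related command.
            // Both calls throw SSLException if the server rejects them,
            // so a refused PROT fails here instead of at transfer time.
            ftps.execPBSZ(0);
            ftps.execPROT("P");

            ftps.setFileType(FTP.BINARY_FILE_TYPE);
            ftps.enterLocalPassiveMode();
            try (OutputStream out = new FileOutputStream(local)) {
                if (!ftps.retrieveFile(remote, out)) {
                    throw new IOException("Retrieve failed: " + ftps.getReplyString());
                }
            }
            ftps.logout();
        } finally {
            if (ftps.isConnected()) {
                ftps.disconnect();
            }
        }
    }
}
```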
