[ 
https://issues.apache.org/jira/browse/NET-687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17194184#comment-17194184
 ] 

j-verse commented on NET-687:
-----------------------------

As a side note to [~mguichar]:

It has nothing to do with SSL session reuse; this is a feature the library does 
not support very well. There are ways to work around this problem though 
(assuming you use version 3.6 of commons-net, since 3.7 is broken because of 
this issue). Have a look at the following article:
[https://eng.wealthfront.com/2016/06/10/connecting-to-an-ftps-server-with-ssl-session-reuse-in-java-7-and-8/]

This article shows a way to reuse the control channel SSL session for the data 
channel. Even with this workaround you might still run into the same session 
reuse error. With JDK 8u161 or higher (also including JDK 9, 11, etc.) you also 
need to set the following system property to _false_:
{code:java}
jdk.tls.useExtendedMasterSecret
{code}

> FTP data connection error Unsupported or unrecognized SSL message. Probably 
> another ssl_reuse session error ?
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: NET-687
>                 URL: https://issues.apache.org/jira/browse/NET-687
>             Project: Commons Net
>          Issue Type: Bug
>          Components: FTP
>    Affects Versions: 3.7
>         Environment: Tested with JDK 8, 11, 13, 14
>            Reporter: Mikael
>            Priority: Major
>
> After adding the self signed polynesie.cer certificate to JVM security 
> (_jdk-x.x.x/lib/security_) :
> {code:java}
> keytool.exe -import -storepass "changeit" -keystore "./cacerts" -alias polynesie.cer -file ./polynesie.cer -noprompt{code}
>  polynesie.cer obtained by copying certificate part from this command line 
> result :
> {code:java}
> openssl s_client -connect ftp0.gov.pf:21 -starttls ftp{code}
> Trying to retrieve a file with ftpes :
> {code:java}
> java -cp commons-net-examples-3.5.jar;commons-net-3.5.jar examples/ftp/FTPClientExample -A -p TLS,false -e -b ftp0.gov.pf DataVRS/fiche_Station_VRS_VAI1.pdf fiche_Station_VRS_VAI1.pdf{code}
> Produce this exception :
> {code:java}
> javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
>         at java.base/sun.security.ssl.SSLSocketInputRecord.handleUnknownRecord(Unknown Source)
>         at java.base/sun.security.ssl.SSLSocketInputRecord.decode(Unknown Source)
>         at java.base/sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
>         at java.base/sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
>         at java.base/sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
>         at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>         at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>         at org.apache.commons.net.ftp.FTPSClient._openDataConnection_(FTPSClient.java:642)
>         at org.apache.commons.net.ftp.FTPClient._retrieveFile(FTPClient.java:1907)
>         at org.apache.commons.net.ftp.FTPClient.retrieveFile(FTPClient.java:1893)
>         at testFTP2.FTPClientExample.main(FTPClientExample.java:513)
> {code}
> It is probably the same error of ssl_reuse session as NET-408.
> Same try with ftp4j library reports this error :
> {code:java}
> code=522, message= SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page
> {code}
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
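
One way to implement the workaround described in the comment above, as an added example that is not part of the original message or of commons-net. The class name `SessionReusingFTPSClient` is hypothetical, and the reflection targets (`sessionHostPortCache` and the cache's `put` method) are JDK-internal names assumed from OpenJDK's `sun.security.ssl` implementation, which may differ between JDK releases.

```java
import java.io.IOException;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.net.Socket;
import java.util.Locale;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocket;
import org.apache.commons.net.ftp.FTPSClient;

/** Hypothetical subclass: offers the control-channel TLS session to the data channel. */
public class SessionReusingFTPSClient extends FTPSClient {

    static {
        // JVM-wide switch named in the comment; set it before any TLS use in the process.
        System.setProperty("jdk.tls.useExtendedMasterSecret", "false");
    }

    public SessionReusingFTPSClient() {
        super("TLS", false); // explicit FTPS (AUTH TLS), as in the report's "-p TLS,false"
    }

    @Override
    protected void _prepareDataSocket_(Socket dataSocket) throws IOException {
        if (!(dataSocket instanceof SSLSocket) || !(_socket_ instanceof SSLSocket)) {
            return; // plain data channel, or control channel not secured
        }
        SSLSession controlSession = ((SSLSocket) _socket_).getSession();
        SSLSessionContext context = controlSession.getSessionContext();
        try {
            // Assumption: JDK-internal client session cache keyed by "host:port".
            Field cacheField = context.getClass().getDeclaredField("sessionHostPortCache");
            cacheField.setAccessible(true);
            Object cache = cacheField.get(context);
            Method put = cache.getClass().getDeclaredMethod("put", Object.class, Object.class);
            put.setAccessible(true);
            int port = dataSocket.getPort();
            // Register under both host name and address; either form may be looked up.
            for (String host : new String[] {
                    dataSocket.getInetAddress().getHostName(),
                    dataSocket.getInetAddress().getHostAddress()}) {
                put.invoke(cache, (host + ":" + port).toLowerCase(Locale.ROOT), controlSession);
            }
        } catch (ReflectiveOperationException | RuntimeException e) {
            // Abort the transfer instead of silently opening a data channel without reuse.
            throw new IOException("cannot share TLS session with data channel", e);
        }
    }
}
```

JDK releases that strongly encapsulate internals need `--add-opens java.base/sun.security.ssl=ALL-UNNAMED --add-opens java.base/sun.security.util=ALL-UNNAMED` for the reflection to succeed. The caller still has to issue `execPBSZ(0)` and `execPROT("P")` after login so that data sockets are TLS sockets.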
