TJ Saunders
> Could ProFTPD wait with creating/truncating a file until it is sure that the data connection is not rejected?

We _could_ do that. One reason that ProFTPD currently opens/creates the...
https://github.com/proftpd/proftpd/pull/1932 should fix this if you'd like to confirm, _assuming_ use of OpenSSL 3.x or later; the necessary API was not present in older OpenSSL 1.x versions.
Most of the time, `mod_tls` uses the [`tls_decrypt_session_ticket_data_xfer_cb`](https://github.com/proftpd/proftpd/blob/master/contrib/mod_tls.c#L7057) callback function for decrypting the session tickets received at handshake time (thus at start of data transfers, assuming TLS for the data...
Fascinating! My assumptions with regard to handling of expired session tickets for non-upload data transfers were not quite accurate. If the client initiates a non-upload data transfer (download, directory listing)...
I've updated the PR to request new TLS session tickets _on the control connection/session_, before any data transfer-triggering commands, if the control session looks to expire in 10 seconds or...
Things get murkier; switching from TLSv1.3 (which requires session tickets) to TLSv1.2 for my reproduction test, I encounter similar problems. I suspect that the underlying behavior is more about expired...
I'm planning to merge this PR (and backport it to the 1.3.9 branch), for the TLSv1.3 session ticket expiry case. I'll then file a second (but related) ticket, to track...
I wonder if using the `SSL_SESS_CACHE_UPDATE_TIME` flag for [`SSL_CTX_set_session_cache_mode`](https://docs.openssl.org/3.2/man3/SSL_CTX_set_session_cache_mode/#notes) might be another way to address this issue, in a more version-agnostic manner.
Can you provide a detailed example of such client-side logging of "Algorithm negotation failed"? Are you talking about SSH/SFTP, TLS, or both? What's the ProFTPD config that you're using?
> > > It is SFTP

Do you happen to have the corresponding ProFTPD logs for these failed sessions? `SFTPLog`, [ProFTPD debug logging](http://www.proftpd.org/docs/howto/Debugging.html), or similar?