
GetListing - SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page

Open noxe opened this issue 3 years ago • 3 comments

FTP OS: Unix

FTP Server: Vsftpd?

Computer OS: Windows 10

FluentFTP Version: 40.0.0

Framework: .NET 6

Hi - we have one more problem with another specific FTP server - seems like we can connect through autoconnect - but GetListing throws: - any ideas?

Response: 522 SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page
Status:   Disposing FtpSocketStream...
Unhandled exception. FluentFTP.FtpCommandException: SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page
   at FluentFTP.FtpClient.GetListingInternal(String listcmd, FtpListOption options, Boolean retry)
   at FluentFTP.FtpClient.GetListing(String path, FtpListOption options)
   at FluentFTP.FtpClient.GetListing()
   at FluentFTPTest.FluentFTP_Error2() in C:\Users\martin\Desktop\Neuer Ordner (3)\FluentExample\Program.cs:line 22
   at Program.<Main>$(String[] args) in C:\Users\martin\Desktop\Neuer Ordner (3)\FluentExample\Program.cs:line 5

Logs :

# AutoConnect()

# AutoDetect(True, False)

# Connect()
Status:   Connecting to ***:21
Response: 220 Welcome
Command:  AUTH TLS
Response: 234 Proceed with negotiation.
Status:   FTPS Authentication Successful
Status:   Time to activate encryption: 0h 0m 0s.  Total Seconds: 0,1244353.
Command:  USER ***
Response: 331 Please specify the password.
Command:  PASS ***
Response: 230 Login successful.
Command:  PBSZ 0
Response: 200 PBSZ set to 0.
Command:  PROT P
Response: 200 PROT now Private.
Command:  FEAT
Response: 211-Features:
Response: AUTH TLS
Response: EPRT
Response: EPSV
Response: MDTM
Response: PASV
Response: PBSZ
Response: PROT
Response: REST STREAM
Response: SIZE
Response: TVFS
Response: UTF8
Response: 211 End
Status:   Text encoding: System.Text.UTF8Encoding+UTF8EncodingSealed
Command:  OPTS UTF8 ON
Response: 200 Always in UTF8 mode.
Command:  SYST
Response: 215 UNIX Type: L8
Status:   Listing parser set to: Unix

# SetWorkingDirectory("out")
Command:  CWD out
Response: 250 Directory successfully changed.

# GetListing(null, Auto)
Command:  PWD
Response: 257 "/out"
Command:  TYPE I
Response: 200 Switching to Binary mode.

# OpenPassiveDataStream(PASV, "LIST /out", 0)
Command:  PASV
Response: 227 Entering Passive Mode (192,168,3,13,129,177).
Status:   Connecting to ***:33201
Command:  LIST /out
Response: 150 Here comes the directory listing.
Status:   FTPS Authentication Successful
Status:   Time to activate encryption: 0h 0m 0s.  Total Seconds: 0,1404852.
+---------------------------------------+
-----------------------------------------
Status:   Disposing FtpSocketStream...

# CloseDataStream()
Response: 522 SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page

noxe avatar Sep 14 '22 11:09 noxe

You can turn off require_ssl_reuse in vsftpd, or maybe we can try something.

Historically, this is a feature that gives trouble as .NET SslStream does not support it.

robinrodricks avatar Sep 15 '22 09:09 robinrodricks

OK - but I am not in control of any FTP server? We simply use the library and our customers connect to many different FTP servers?

noxe avatar Sep 15 '22 09:09 noxe

@robinrodricks I have both a proftpd and a vsftpd server running here, SSL enabled, both are not configured to disable session reuse. As far as I know, both default to require session reuse. My FluentFTP test program successfully lists and downloads files with encryption active. This confuses me. I have read the threads concerning this - #347, as well as this, still confused, though.

FanDjango avatar Sep 15 '22 14:09 FanDjango

@noxe This is certainly vsftpd, see the messages.

But it would be very interesting to find out somehow, which version of vsftpd is it?

FanDjango avatar Sep 22 '22 19:09 FanDjango

Hmm OK - any chance to do so remotely? We don't have any contact to the server owner?

noxe avatar Sep 23 '22 05:09 noxe

> we don't have any contact to the server owner

Yeah, I keep forgetting...

FanDjango avatar Sep 23 '22 06:09 FanDjango

yeah - no prob :)

noxe avatar Sep 23 '22 06:09 noxe

see #311 also

FanDjango avatar Sep 30 '22 21:09 FanDjango

I am starting on checking this issue.

@noxe I need you to upgrade to a newer version of FluentFTP to get a better "Status: FTPS Authentication Successful" message.

Namely: "Status: FTPS Authentication Successful, Protocol = Tls12" (or whatever).

This weekend there will be a NuGet 41.0.0, so you don't need to download from master, really. Whichever you prefer.

I need to know what protocol your connection to that server is using.

FanDjango avatar Oct 01 '22 12:10 FanDjango

@FanDjango - sure, no problem - when it is available I'll do a test and give an update here!

noxe avatar Oct 01 '22 13:10 noxe

I am in the process of collecting information on this type of problem. You are not the only one, but you are the odd one out - all others are either TLS 1.3 (where the problem is known) or Filezilla servers (older ones). I really wonder what is going on with that server of yours. Remember (see above) that I can connect successfully to a vanilla vsftpd server and have no problem (TLS 1.2, session resume is not turned off = default).

FanDjango avatar Oct 01 '22 18:10 FanDjango

If it helps I think I can also privately share credentials with you?

noxe avatar Oct 02 '22 08:10 noxe

> If it helps I think I can also privately share credentials with you?

I don't know how that is done in a safe fashion.

FanDjango avatar Oct 02 '22 10:10 FanDjango

Hi - I hope this helps - I upgraded to v41:

# Connect()
Status:   Connecting to ***:21
Response: 220 Welcome
Command:  AUTH TLS
Response: 234 Proceed with negotiation.
Warning:  SSL Buffering force disabled, is .NET 5.0 and later
Status:   FTPS authentication successful, protocol = Tls12
Status:   Time to activate encryption: 0h 0m 0s.  Total Seconds: 0,0947929.
Command:  USER ***
Response: 331 Please specify the password.
Command:  PASS ***
Response: 230 Login successful.
Command:  PBSZ 0
Response: 200 PBSZ set to 0.
Command:  PROT P
Response: 200 PROT now Private.
Command:  FEAT
Response: 211-Features:
Response: AUTH TLS
Response: EPRT
Response: EPSV
Response: MDTM
Response: PASV
Response: PBSZ
Response: PROT
Response: REST STREAM
Response: SIZE
Response: TVFS
Response: UTF8
Response: 211 End
Status:   Text encoding: System.Text.UTF8Encoding+UTF8EncodingSealed
Command:  OPTS UTF8 ON
Response: 200 Always in UTF8 mode.
Command:  SYST
Response: 215 UNIX Type: L8
Status:   Listing parser set to: Unix

# SetWorkingDirectory("out")
Command:  CWD out
Response: 250 Directory successfully changed.

# GetListing(null, Auto)
Command:  PWD
Response: 257 "/out"
Command:  TYPE I
Response: 200 Switching to Binary mode.

# OpenPassiveDataStream(PASV, "LIST /out", 0)
Command:  PASV
Response: 227 Entering Passive Mode (192,168,3,13,130,58).
Status:   Connecting to ***:33338
Command:  LIST /out
Response: 150 Here comes the directory listing.
Warning:  SSL Buffering force disabled, is .NET 5.0 and later
Status:   FTPS authentication successful, protocol = Tls12
Status:   Time to activate encryption: 0h 0m 0s.  Total Seconds: 0,0950533.
+---------------------------------------+
-----------------------------------------
Status:   Disposing FtpSocketStream...

# CloseDataStream()
Response: 522 SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page
Status:   Disposing FtpSocketStream...

noxe avatar Oct 04 '22 13:10 noxe

@robinrodricks So: It is vsftpd unknown version. It is TLS 1.2. And more, we don't know. It is the only TLS 1.2 SSL Session Resume problem we know of right now. No clue yet.

FanDjango avatar Oct 04 '22 17:10 FanDjango

Same problem as #948. Session Reuse failure on a TLS 1.2 server.

FanDjango avatar Oct 24 '22 19:10 FanDjango

vsftpd reacts differently to this than FileZilla server 0.96: vsftpd accepts the authentication and then terminates the connection and sends an error message on the control connection. FileZilla rejects the authentication, which fails, and then sends an error message on the control connection. But since authentication fails, this error message is never seen. Only newer versions V42 of FluentFTP can show this up.

FanDjango avatar Oct 24 '22 19:10 FanDjango

@noxe Is this still an issue for you? I have some news/some questions for you re. a new development for this.

FanDjango avatar Feb 15 '23 21:02 FanDjango

@FanDjango - I guess yes - but have not heard about it the last weeks. But I guess nothing has changed so far :)

noxe avatar Feb 16 '23 06:02 noxe

@noxe I'll send a mail to you

FanDjango avatar Feb 16 '23 09:02 FanDjango

Looks like this one is fixed by using FluentFTP.GnuTls.

See: https://github.com/robinrodricks/FluentFTP/wiki/FTPS-Connection-using-GnuTLS

FanDjango avatar Feb 19 '23 11:02 FanDjango
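
An added example, not part of the thread and not FluentFTP code: a Python triage of a FluentFTP log in the format posted above. It reports the TLS protocol negotiated on the control and data channels and whether the server sent the 522 session-reuse refusal after the data-channel handshake had already been logged as successful, which is the vsftpd behaviour described in the thread. The function name `triage`, its result keys and the trimmed sample log are constructed for illustration.

```python
import re

# Constructed sample: the decisive lines of the v41-format log posted in this thread.
SAMPLE_LOG = """\
Command:  AUTH TLS
Response: 234 Proceed with negotiation.
Status:   FTPS authentication successful, protocol = Tls12
Command:  PROT P
Response: 200 PROT now Private.
Command:  PASV
Response: 227 Entering Passive Mode (192,168,3,13,130,58).
Command:  LIST /out
Response: 150 Here comes the directory listing.
Status:   FTPS authentication successful, protocol = Tls12
Response: 522 SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page
"""

LINE = re.compile(r"^(Command|Response|Status|Warning):\s+(.*)$")
TLS_OK = re.compile(r"FTPS authentication successful(?:, protocol = (\w+))?", re.I)

def triage(log_text):
    """Report the TLS protocol per channel and where a session-reuse refusal shows up."""
    r = {"control_tls": None, "data_tls": None, "prot_p": False,
         "transfer_started": False, "reuse_refused": False}
    last_cmd = ""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # "# Function()" markers and listing separators
        kind, text = m.groups()
        if kind == "Command":
            last_cmd = text.upper()
        elif kind == "Response":
            if text.startswith("200") and last_cmd == "PROT P":
                r["prot_p"] = True  # data connections must be TLS-protected
            elif text.startswith("150"):
                r["transfer_started"] = True  # data connection is about to be used
            elif text.startswith("522") and "session reuse required" in text:
                r["reuse_refused"] = True
        elif kind == "Status" and (ok := TLS_OK.search(text)):
            # Handshakes before the first 150 are the control channel, later ones data.
            key = "data_tls" if r["transfer_started"] else "control_tls"
            r[key] = ok.group(1) or "unknown"  # v40 logs omit the protocol
    if r["reuse_refused"] and r["data_tls"]:
        r["verdict"] = "data handshake completed, then refused via 522 on the control channel"
    elif r["reuse_refused"]:
        r["verdict"] = "522 session-reuse refusal without a logged data handshake"
    else:
        r["verdict"] = "no session-reuse failure in this log"
    return r
```

Running `triage` over a full log, including the `# Function()` marker lines, gives the same result because non-matching lines are skipped.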