How to Reuse the TLS Session for Data Connections in FTPS with Apache Commons Net?
- Mary-Kate OlsenOriginal
- 2024-11-11 22:42:03282browse
How to Connect to FTPS Server with Data Connection Using the Same TLS Session
The Apache Commons Net FTPS implementation does not automatically reuse the TLS session for data connections when connecting to certain FTPS servers. This can cause TLS handshake errors when the data connection is attempted.
To ensure the data connection uses the same TLS session as the control connection:
- Check if the FTPS server supports TLS session reuse: Some servers, such as FileZilla Server, enforce TLS session reuse for the data connections.
- Reuse the session using custom code: You can override the _prepareDataSocket_ method in the FTPSClient class to manually set the session for the data connection.
@Override
protected void _prepareDataSocket_(final Socket socket) {
if(preferences.getBoolean("ftp.tls.session.requirereuse")) {
if(socket instanceof SSLSocket) {
// Control socket is SSL
final SSLSession session = ((SSLSocket) _socket_).getSession();
if (session.isValid()) {
final SSLSessionContext context = session.getSessionContext();
context.setSessionCacheSize(preferences.getInteger("ftp.ssl.session.cache.size"));
try {
final Field sessionHostPortCache = context.getClass().getDeclaredField("sessionsByHostAndPort");
sessionHostPortCache.setAccessible(true);
final Object cache = sessionHostPortCache.get(context);
final Method putMethod = cache.getClass().getDeclaredMethod("put", Object.class, Object.class);
putMethod.setAccessible(true);
Method getHostMethod;
try {
getHostMethod = socket.getClass().getMethod("getPeerHost");
} catch (NoSuchMethodException e) {
// Running in IKVM
getHostMethod = socket.getClass().getDeclaredMethod("getHost");
}
getHostMethod.setAccessible(true);
Object peerHost = getHostMethod.invoke(socket);
putMethod.invoke(cache, String.format("%s:%s", peerHost, socket.getPort()).toLowerCase(Locale.ROOT), session);
} catch (NoSuchFieldException e) {
// Not running in expected JRE
log.warn("No field sessionsByHostAndPort in SSLSessionContext", e);
} catch (Exception e) {
// Not running in expected JRE
log.warn(e.getMessage());
}
} else {
log.warn(String.format("SSL session %s for socket %s is not rejoinable", session, socket));
}
}
}
}
- Override Spring Integration's createClientInstance(): Create a custom factory that returns the FTPSClient with the _prepareDataSocket_ override.
- Set jdk.tls.useExtendedMasterSecret to false (Java 8u161 and above): This is a workaround for SSLHandshakeException in JDK 8u161.
System.setProperty("jdk.tls.useExtendedMasterSecret", "false");The above is the detailed content of How to Reuse the TLS Session for Data Connections in FTPS with Apache Commons Net?. For more information, please follow other related articles on the PHP Chinese website!
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:Why Does Using a Raw Type for a List Reference Prevent Generic Method Usage?Next article:Why Does Using a Raw Type for a List Reference Prevent Generic Method Usage?
Related articles
See more- How to Load Images Using getClass().getResource() in Java?
- How can you implement communication between a Fragment and an Adapter in Android?
- Rate Limiting Algorithms and Techniques
- How do I access a deployed WAR file in Tomcat 7?
- Hibernate's `save`, `persist`, `update`, `saveOrUpdate`, and `merge`: When to Use Which?