TIDFTP with SChannel? session reuse required #10
Comments
The problem appears to be in
Hi @rlebeau, what is the purpose of the Clone method? The TLS session is bound to a specific socket, so does the Clone() method create a new instance to work with the same socket? If that is the case, then I can add an SSLClone method with an automatic reference counter in TSSLInfo, something like
with
and
To create a new
A TLS session is not bound to a specific socket. Not in OpenSSL, not in SChannel. Multiple sockets can share a TLS session across connections. For instance, in this situation, an FTPS data connection can (and on many servers, must) share a TLS session with the FTP control connection, to avoid MITM hijacking of data connections. HTTP requests across non-persistent connections can share TLS sessions too. Basically, any time a peer wants to set up authentication+encryption one time with another peer and then reuse that session over and over regardless of how many connections are involved. In Indy's case, that currently only happens in
Not with the same socket, no. It should create a new instance that will share the same TLS session with a new socket.
I don't think cloning the whole https://stackoverflow.com/questions/905851/ssl-session-reuse-with-schannel-windows I think that means So, you will likely still need a separate
Thank you @rlebeau, you mean the TLS session at the TLS protocol level. Sorry @jdredd87, I have no time to spend on SChannel nor Indy to handle that. I spent some time studying the TLS protocol on another project, and now I know that SChannel prohibits quite a few things (like selecting cipher suites) and is quite poorly documented, so it's not easy to get it to work properly :)
Using OpenSSL, my program works to connect to an FTP server running TLS 1.2.
Snippet of code from a stand-alone example...
Gets a "session reuse required" error.
If I switch to the OpenSSL IOHandler, it all works.
```delphi
// Needs IdFTP, IdFTPCommon and IdExplicitTLSClientServerBase in the uses clause,
// plus the unit that declares TIdSSLIOHandlerSocketSChannel. TForm1 and the
// FTPStatus / TLS* event handlers are the form's own; only the body is shown here.
procedure TForm1.ConnectWithSChannel;
var
  IdFTP1: TIdFTP;
  ssl: TIdSSLIOHandlerSocketSChannel;
  i: Integer;
begin
  IdFTP1 := TIdFTP.Create(nil);
  ssl := TIdSSLIOHandlerSocketSChannel.Create(nil);
  try
    IdFTP1.OnStatus := FTPStatus;
    IdFTP1.OnTLSNotAvailable := TLSNotAvailable;
    IdFTP1.OnTLSHandShakeFailed := TLSHandShakeFailed;
    IdFTP1.OnTLSNegCmdFailed := TLSNegCmdFailed;
    IdFTP1.IOHandler := ssl;
    IdFTP1.UseTLS := utUseExplicitTLS;  // AUTH TLS on the control connection
    IdFTP1.Passive := True;
    IdFTP1.Host := 'some-sever.com';
    IdFTP1.Username := 'user';
    IdFTP1.Password := 'pass';
    IdFTP1.Connect;
    IdFTP1.DataPortProtection := ftpdpsPrivate;  // PROT P: data connections use TLS too
    Memo1.Lines.Add('');
    if IdFTP1.SupportsTLS then
      Memo1.Lines.Add('TLS IS SUPPORTED')
    else
      Memo1.Lines.Add('TLS IS NOT SUPPORTED');
    Memo1.Lines.Add('');
    // First data connection. With SChannel this is where "session reuse required" is raised.
    IdFTP1.List;
    for i := 0 to IdFTP1.DirectoryListing.Count - 1 do
      Memo1.Lines.Add(IdFTP1.DirectoryListing.Items[i].FileName);
    IdFTP1.TransferType := ftBinary;
    if FileExists('test.txt') then
      IdFTP1.Put('test.txt');
    IdFTP1.Disconnect;
  finally
    IdFTP1.Free;
    ssl.Free;
  end;
end;
```
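What rlebeau describes above, and what the report runs into, is a server-side check: the FTPS data connection is admitted only if it resumes the TLS session of the control connection. The following is an added example, not code from this issue, from Indy or from the SChannel IOHandler project. It is Go using only the standard library, runs both sides in-process on 127.0.0.1, generates a throwaway certificate at runtime, and the reply lines ("220", "150", "425 Session reuse required") are constructed for the demonstration rather than copied from any server. With the client session cache enabled the data connection resumes the control session and the server admits it; with no cache the client behaves like an IOHandler that starts the data connection's TLS session from scratch, and the server turns it away.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net"
	"time"
)

// selfSignedCert makes a throwaway "localhost" certificate (a constructed fixture so the example runs offline) and a pool trusting only it.
func selfSignedCert() (tls.Certificate, *x509.CertPool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der) // der was just produced by CreateCertificate, so it parses
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, pool
}

// serve accepts the control connection and then the data connection, applying the
// server-side rule from the issue: the data connection must resume the control session.
func serve(ln net.Listener, cfg *tls.Config) error {
	raw, err := ln.Accept()
	if err != nil {
		return err
	}
	ctrl := tls.Server(raw, cfg)
	defer ctrl.Close()
	if _, err := ctrl.Write([]byte("220 FTPS ready\r\n")); err != nil { // Write runs the handshake; TLS 1.3 sends the session ticket with it
		return err
	}
	raw, err = ln.Accept()
	if err != nil {
		return err
	}
	data := tls.Server(raw, cfg)
	defer data.Close()
	if err := data.Handshake(); err != nil {
		return err
	}
	reply := "425 Session reuse required\r\n" // reply texts are constructed for this example
	if data.ConnectionState().DidResume {
		reply = "150 Opening data connection\r\n"
	}
	_, err = data.Write([]byte(reply))
	return err
}

// dial connects as the client and reads one reply line. That Read is what lets the client
// process the server's NewSessionTicket, so it must happen before the next dial.
func dial(addr string, cfg *tls.Config) (resumed bool, reply string, err error) {
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return false, "", err
	}
	defer conn.Close()
	buf := make([]byte, 128)
	n, err := conn.Read(buf)
	if err != nil {
		return false, "", err
	}
	return conn.ConnectionState().DidResume, string(buf[:n]), nil
}

// dataConnResumed plays the control-then-data exchange in-process. With cache=true the
// client carries the control session into the data connection; with cache=false it does not.
func dataConnResumed(cache bool) (bool, string, error) {
	cert, pool := selfSignedCert()
	srvCfg := &tls.Config{Certificates: []tls.Certificate{cert}}
	cliCfg := &tls.Config{RootCAs: pool, ServerName: "localhost"}
	if cache {
		cliCfg.ClientSessionCache = tls.NewLRUClientSessionCache(4) // shared across both dials
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, "", err
	}
	defer ln.Close()
	go serve(ln, srvCfg)
	if _, _, err := dial(ln.Addr().String(), cliCfg); err != nil { // control connection
		return false, "", err
	}
	return dial(ln.Addr().String(), cliCfg) // data connection: resumed?, server reply, error
}
```

The check the server applies is `ConnectionState().DidResume` on the data connection, which is the same property a real FTPS server keys on when it answers "session reuse required". Note that the client only learns the ticket by reading from the control connection after the handshake; an IOHandler that hands the data socket a fresh TLS context, with no access to the control connection's session, can never satisfy this check, which is why a session-sharing mechanism between the two sockets is needed rather than a per-socket clone.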