Current time: 12-24-2024, 04:25 AM Hello There, Guest! (LoginRegister)


Post Reply 
FTP over TLS / SSL for a specific domain/user ?
Author Message
thibotus01 Offline
Junior Member
*

Posts: 47
Joined: Feb 2009
Reputation: 0
Post: #6
RE: FTP over TLS / SSL for a specific domain/user ?
Hum, i'm excpecting a weird problem.
I try to download a big file (7GB) with FTP over TLS/SSL, and after 1.16GB transfered I got an error, and the transfer is canceled. I tried with different files, it's always after around 1GB.

But via FTP, no ssl connection, it works fine.

My client is "transmit" on MAC OS X, and the error message is "socket read error", the full log:

Cmd: RETR lhoal-haabis.iso
150: Opening BINARY mode data connection for lhoal-haabis.iso (7043174707 bytes)

BEFORE
**..... downloading.... **
AFTER

Remote read failed: Unknown error: 0.
426: Transfer aborted. Operation not permitted
Solved Smile Smile


Question: My FTPS client sometimes times out after uploading/downloading more than 1 GB of data. When I turn off SSL/TLS, the upload/download works. Why?
Answer: The culprit behind this is most likely SSL/TLS renegotiations. By default, mod_tls uses SSL/TLS renegotiations to periodically update the session key which protects the data being transferred; see the TLSRenegotiate documentation for more details, particularly the time-based and bytes-based limits at which renegotations are forced.

Some FTPS clients, however, do not support server-initiated SSL/TLS renegotations. When the server does try to force a renegotiation, the client fails that new handshake, cannot upload/download any more data over the protected channel, and the transfer will eventually time out. Alternatively, the transfer could terminate strangely in the middle of the upload/download. Note, however, that not all transfer issues will be caused by SSL/TLS renegotiations. Bugs in firewalls and routers can also cause these symptoms.

Should you suspect that you are having issues with your FTPS client because of SSL/TLS renegotiations, you can configure mod_tls to accept renegotiations if the client requests one, but not to otherwise force them:

TLSRenegotiate required off


http://proftpd.online-mirror.de/docs/howto/TLS.html
(This post was last modified: 08-06-2009 05:31 PM by thibotus01.)
08-06-2009 05:27 PM
Find all posts by this user Quote this message in a reply
Post Reply 


Messages In This Thread
RE: FTP over TLS / SSL for a specific domain/user ? - thibotus01 - 08-06-2009 05:27 PM

Forum Jump:


User(s) browsing this thread: 1 Guest(s)