SSL/TLS issue with data connections not closing properly

Home Forums General Report a Bug SSL/TLS issue with data connections not closing properly

  • This topic is empty.
Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #29988
    WebDrive
    Participant

    hello, I am a developer for WebDrive FTP client. A customer of ours is having an issue with directory listings when connecting to your server (latest version) and using AUTH SSL. What I see is that after listing the files from a “LIST” command the winsock recv times out waiting for the server to gracefully close the connection. I have also tried several other FTP clients to make sure this wasn’t a bug in WebDrive client and CoreFTP and MoveitFTP also see the same timeout issue. CoreFTP for example has 2 SSL engines, OpenSSL and WindowsSSL, while using OpenSSL it works however when using the Windows SSL engine it fails with a timeout similar to MoveitFTP and WebDrive. FileZilla seems to work but I believe that is based on the OpenSSL engine. If you have any information on this issue please let me know. Or if you want to get in touch with me please do so via our help desk at http://www.webdrive.com thanks.

    #35631
    imported_Serin
    Participant

    Hello,

    I can observe the issue when your client connects with Auth SSL but I haven’t been able to verify that it is a server or client issue yet. I will look into the problem and get back to you.

    #35628
    WebDrive
    Participant

    ok, please try CoreFTP as well, they have a free version of their FTP client you can download and try it out, just set it to use “Windows SSL” and it should demontrate the same issue.

    thanks, — john

    #35629
    imported_Serin
    Participant

    Hello,

    I believe the problem is related to one side or the other not performing a proper TLS/SSL shutdown of the secure connection. Many clients and servers “hang-up” the connection without performing a proper TLS shutdown. Cerberus first issues a TLS/SSL shutdown on its end and then waits for the other side to confirm TLS/SSL shutdown before performing a normal shutdown and close of the socket. I suspect Cerberus might be waiting for WebDrive to respond with a “close notify” (which it probably should be sending) and that perhaps that is the reason the connection stays open. It’s just a quick guess though – I will investigate further.

    Quick tests with Core FTP seem to indicate normal connection termination with OpenSSL and Windows SSL. However, Windows SSL does appear to be slower.

    Regards,

    Grant

    #35630
    WebDrive
    Participant

    ok I am seeing something, on the client side I see a context expired message from the Windows SSL subsystem, but then we still issue a winsock recv call and this is what hangs. I made a change to not ask for any more data after receiving the context expired message and it seems to work. Not sure why we don’t see this with other servers, other server seems to just return 0 on the recv which indicates a graceful shutdown. I’ll have the customer try this fix to see if it works ok for them. — john

Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.
Close Cart

Shopping Cart