Errors with FTPS Server when using TLS 1.3 and reuse session id required

Andy

Hi
First of all I would like to say I really appreciate WinSCP and your continued development effort over so many years, thanks a lot for that.

Regarding my problem: I saw an older thread from 2021 with the same problem but I didn't want to hijack it and there was no solution posted there.

We have a Cerberus FTP Server with session id reuse required activated and WinSCP can't connect to it when using TLS 1.3. If I go into advanced options of the Site manager and limit TLS to 1.2 the connection works fine. The server logs:
Data connection did not reuse control connection session as required
WinSCP Version: 6.1.1
Cerberus Server version: 13.0.2.0 (this is the latest version)
I attached logs from client and server and also a testuser for you as private file, let me know if you need any more information.
Thanks in advance
  • WinSCP-Testaccount.txt (108 Bytes, Private file)
Description: Testaccount for our Cerberus Server
  • 20230731-winscp-test-client.log (36.13 KB, Private file)
Description: Client debug log of 2 sessions, first with TLS 1.3, second with TLS 1.2
  • 20230731-winscp-test-server.log (12.09 KB, Private file)
Description: Server log of 2 sessions, first with TLS 1.3, second with TLS 1.2


martin
Site Admin

Thanks for providing me with the test account. I'll do some tests within a few days.


martin
Site Admin

Thanks. I was able to reproduce the problem. Does the problem happen only with implicit TLS? Can I test it with explicit TLS too?


Andy

Yes, this also happens with explicit TLS when I activate the session reuse required feature on that listener; that's how I was made aware of this problem. I activated it and some of our customers reported the problem using WinSCP. I had to deactivate this feature on the listener for explicit so that our customers can connect. So you can't test it there, sorry. If it's really important for you I can maybe add a new listener for your test.


martin
Site Admin

Ok. Thanks for your response. I have some ideas about what might be causing the problem. I'll investigate in the upcoming days. Please keep the test account open for me. Thanks.


Andy

Hi Martin
Sorry for the delayed response. I tested the development version with implicit AND explicit TLS 1.3 and both work great. To double check I tested both ways again with version 6.1.1 and receive the errors. I would say your fix was successful.
Thank you!
