Errors with FTPS Server when using TLS 1.3 and reuse session id required :: Support Forum

Andy
Joined:: 2023-07-31
Posts:: 3

Errors with FTPS Server when using TLS 1.3 and reuse session id required

2023-07-31 12:20

Hi
First of all I would like to say I really appreciate WinSCP and your continued development effort over so many years, thanks a lot for that.

Regarding my problem: I saw an older thread from 2021 with the same problem but I didn't want to hijack it and there was no solution posted there.

We have a Cerberus FTP Server with session id reuse required activated and WinSCP can't connect to it when using TLS 1.3. If I go into advanced options of the Site manager and limit TLS to 1.2 the connection works fine. The server logs

Data connection did not reuse control connection session as required

WinSCP Version: 6.1.1 Cerberus Server version: 13.0.2.0 (this is the latest version)
I attached logs from client and server and also a testuser for you as private file, let me know if you need any more information.
Thanks in advance

WinSCP-Testaccount.txt (108 Bytes, Private file)

Description: Testaccount for our Cerberus Server

20230731-winscp-test-client.log (36.13 KB, Private file)

Description: Client debug log of 2 sessions, first with TLS 1.3, second with TLS 1.2

20230731-winscp-test-server.log (12.09 KB, Private file)

Description: Server log of 2 sessions, first with TLS 1.3, second with TLS 1.2

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,440
Location:: Prague, Czechia

Re: Errors with FTPS Server when using TLS 1.3 and reuse session id required

2023-08-01

Thanks for providing me with the test account. I'll do some tests within few days.

Reply with quote

martin◆ Site Admin

Re: Errors with FTPS Server when using TLS 1.3 and reuse session id required

2023-08-02

Thanks. I was able to reproduce the problem. Does the problem happen only with implicit TLS? Can I test it with explicit TLS too?

Reply with quote

Andy

2023-08-02 10:41

Yes this also happens with explicit TLS when I activate the session reuse required feature on that listener, that's how I was made aware of this problem. I activated it and some of our customers reported the problem using WinSCP. I had to deactivate this feature on the listener for explicit so that our customers can connect. So you can't test it there, sorry. If it's really important for you I can maybe add a new listener for your test.

Reply with quote

martin◆ Site Admin

2023-08-04

Ok. Thanks for your response. I have some ideas, what might be causing the problem. I'll investigate in upcoming days. Please keep the test account open for me. Thanks.

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 41,440
Location:: Prague, Czechia

2023-08-06

I have added this issue to the tracker:
Issue 2210 – TLS session resumption is not working for subsequent FTP data connections with TLS 1.3 with some servers

I'm sending you an email with a development version of WinSCP to the address you have used to register on this forum.

Reply with quote

Andy

2023-08-08 10:17

Hi Martin
Sorry for the delayed response. I tested the development version with implicit AND explicit TLS 1.3 and both works great. To double check I tested both ways again with version 6.1.1 and receive the errors. I would say your fix was successful.
Thank you!

Reply with quote