[Cyberduck-trac] [Cyberduck] #5087: Reuse Session key on Data connection
Cyberduck
trac at trac.cyberduck.ch
Fri Sep 17 12:23:05 CEST 2010
#5087: Reuse Session key on Data connection
----------------------------+-----------------------------------------------
Reporter: abrax5 | Owner: dkocher
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: ftp-tls | Version: 3.5.1
Severity: normal | Resolution:
Keywords: proftpd | Platform: Mac OS X 10.6
Architecture: Intel |
----------------------------+-----------------------------------------------
Comment (by abrax5):
Pretty difficult indeed, it seems. I looked at the GNU classpath code to
get an idea. In {{{\gnu\javax\net\ssl\provider\AbstractHandshake.java}}}
there is a function called {{{generateMasterSecret()}}} which seems to be
responsible for generating the session key according to the TLS/SSL spec. This
one is of course well hidden behind the whole public SSL/TLS Java API and
it would be quite hard to mess with this and inject a predefined session
key, IMHO.
Does ProFTPd skip the handshake altogether on the second connection? Or
how do they intend to make that connection reuse the session key? Is this
still a valid/spec-compliant TLS session in this case or do they deviate
from the protocol? Are there actually FTP client implementations that
manage to do that?
--
Ticket URL: <http://trac.cyberduck.ch/ticket/5087#comment:7>
Cyberduck <http://cyberduck.ch>
FTP, SFTP, WebDAV, Cloud Files, Google Docs, Azure and S3 Browser for Mac OS X.