[Cyberduck-trac] [Cyberduck] #3012: TLS Renegotiation fails

Cyberduck trac at trac.cyberduck.ch
Tue Aug 24 14:23:22 CEST 2010


#3012: TLS Renegotiation fails
--------------------------+-------------------------------------------------
    Reporter:  anonymous  |        Owner:  dkocher
        Type:  defect     |       Status:  new    
    Priority:  normal     |    Milestone:         
   Component:  ftp-tls    |      Version:  3.1.2  
    Severity:  critical   |   Resolution:         
    Keywords:             |     Platform:         
Architecture:             |  
--------------------------+-------------------------------------------------
Description changed by dkocher:

Old description:

> According to mod_gnutls documentation of ProFTPd, GnuTLS requires a TLS
> Renegotiation after 1GB of transferred data by default.
>
> From
> http://www.proftpd.org/docs/directives/linked/config_ref_TLSRenegotiate.html:
> "By default, mod_tls will perform renegotiations if supported, on the
> control channel after 4 hours, and on the data channel after one gigabyte
> of transferred data. The default timeout for a renegotiation is 30
> seconds."
>
> When transferring a single file larger than 1GB through ftps:// Cyberduck
> will cancel the tranfer reporting a permission error.
>
> Expected behavior: Cyberduck should comply with the renegotation request
> on the TLS data channel
>
> Workaround: Set "TLSRenegotiate none" in proftpd.conf

New description:

 According to mod_gnutls documentation of ProFTPd, GnuTLS requires a TLS
 Renegotiation after 1GB of transferred data by default.

 From
 http://www.proftpd.org/docs/directives/linked/config_ref_TLSRenegotiate.html:
 > By default, mod_tls will perform renegotiations if supported, on the
 control channel after 4 hours, and on the data channel after one gigabyte
 of transferred data. The default timeout for a renegotiation is 30
 seconds.

 When transferring a single file larger than 1GB through `ftps://`
 Cyberduck will cancel the tranfer reporting a permission error.

 Expected behavior: Cyberduck should comply with the renegotation request
 on the TLS data channel

 Workaround: Set `TLSRenegotiate none` in ''proftpd.conf''

--

-- 
Ticket URL: <http://trac.cyberduck.ch/ticket/3012#comment:3>
Cyberduck <http://cyberduck.ch>
FTP, SFTP, WebDAV, Cloud Files, Google Docs, Azure and S3 Browser for Mac OS X.


More information about the Cyberduck-trac mailing list