[Cyberduck-trac] [Cyberduck] #5087: Reuse Session key on Data connection

Cyberduck trac at trac.cyberduck.ch
Fri Sep 17 12:23:05 CEST 2010


#5087: Reuse Session key on Data connection
----------------------------+-----------------------------------------------
    Reporter:  abrax5       |        Owner:  dkocher      
        Type:  enhancement  |       Status:  new          
    Priority:  normal       |    Milestone:               
   Component:  ftp-tls      |      Version:  3.5.1        
    Severity:  normal       |   Resolution:               
    Keywords:  proftpd      |     Platform:  Mac OS X 10.6
Architecture:  Intel        |  
----------------------------+-----------------------------------------------

Comment (by abrax5):

 Pretty difficult indeed, it seems. I looked at the GNU classpath code to
 get an idea. In {{{\gnu\javax\net\ssl\provider\AbstractHandshake.java}}}
 there is a function called {{{generateMasterSecret()}}} which seems to be
 responsible for generating the session key according to the TLS/SSL spec. This
 one is of course well hidden behind the whole public SSL/TLS Java API and
 it would be quite hard to mess with this and inject a predefined session
 key, IMHO.

 Does ProFTPd skip the handshake altogether on the second connection? Or
 how do they intend to make that connection reuse the session key? Is this
 still a valid/spec-compliant TLS session in this case or do they deviate
 from the protocol? Are there actually FTP client implementations that
 manage to do that?

-- 
Ticket URL: <http://trac.cyberduck.ch/ticket/5087#comment:7>
Cyberduck <http://cyberduck.ch>
FTP, SFTP, WebDAV, Cloud Files, Google Docs, Azure and S3 Browser for Mac OS X.