[Cyberduck-trac] [Cyberduck] #10276: FTP-SSL on OS X 10.13.3 not listing files
Cyberduck
trac at cyberduck.io
Wed Mar 21 09:52:15 UTC 2018
#10276: FTP-SSL on OS X 10.13.3 not listing files
---------------------------------+------------------------------
Reporter: uwallrodt | Owner: dkocher
Type: defect | Status: new
Priority: normal | Milestone: 7.0
Component: ftp | Version: Nightly Build
Severity: blocker | Resolution:
Keywords: FTP-SSL, OS X 10.13 | Architecture: Intel
Platform: macOS 10.13 |
---------------------------------+------------------------------
Comment (by yla):
Caused by the JRE update in Cyberduck (8u162) and the added extended
master secret extension support. From the release notes
> Added TLS session hash and extended master secret extension support
> Support has been added for the TLS session hash and extended master
secret extension (RFC 7627) in JDK JSSE provider. Note that in general,
server certificate change is restricted if endpoint identification is not
enabled and the previous handshake is a session-resumption abbreviated
initial handshake, unless the identities represented by both certificates
can be regarded as the same. However, if the extension is enabled or
negotiated, the server certificate changing restriction is not necessary
and will be discarded accordingly. In case of compatibility issues, an
application may disable negotiation of this extension by setting the
System Property jdk.tls.useExtendedMasterSecret to false in the JDK. By
setting the System Property jdk.tls.allowLegacyResumption to false, an
application can reject abbreviated handshaking when the session hash and
extended master secret extension is not negotiated. By setting the System
Property jdk.tls.allowLegacyMasterSecret to false, an application can
reject connections that do not support the session hash and extended
master secret extension.
Not sure though if the issue is caused by a buggy JRE implementation or if
it's a server-side issue handling the extension. Do you know the version o
Pure-FTPd and the openssl library it's linked against?
--
Ticket URL: <https://trac.cyberduck.io/ticket/10276#comment:3>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list