[Cyberduck-trac] [Cyberduck] #10276: FTP-SSL on OS X 10.13.3 not listing files

Cyberduck trac at cyberduck.io
Wed Mar 21 09:52:15 UTC 2018 

#10276: FTP-SSL on OS X 10.13.3 not listing files
---------------------------------+------------------------------
 Reporter:  uwallrodt            |         Owner:  dkocher
     Type:  defect               |        Status:  new
 Priority:  normal               |     Milestone:  7.0
Component:  ftp                  |       Version:  Nightly Build
 Severity:  blocker              |    Resolution:
 Keywords:  FTP-SSL, OS X 10.13  |  Architecture:  Intel
 Platform:  macOS 10.13          |
---------------------------------+------------------------------

Comment (by yla):

 Caused by the JRE update in Cyberduck (8u162) and the added extended
 master secret extension support. From the release notes

 > Added TLS session hash and extended master secret extension support
 > Support has been added for the TLS session hash and extended master
 secret extension (RFC 7627) in JDK JSSE provider. Note that in general,
 server certificate change is restricted if endpoint identification is not
 enabled and the previous handshake is a session-resumption abbreviated
 initial handshake, unless the identities represented by both certificates
 can be regarded as the same. However, if the extension is enabled or
 negotiated, the server certificate changing restriction is not necessary
 and will be discarded accordingly. In case of compatibility issues, an
 application may disable negotiation of this extension by setting the
 System Property jdk.tls.useExtendedMasterSecret to false in the JDK. By
 setting the System Property jdk.tls.allowLegacyResumption to false, an
 application can reject abbreviated handshaking when the session hash and
 extended master secret extension is not negotiated. By setting the System
 Property jdk.tls.allowLegacyMasterSecret to false, an application can
 reject connections that do not support the session hash and extended
 master secret extension.

 Not sure though if the issue is caused by a buggy JRE implementation or if
 it's a server-side issue handling the extension. Do you know the version o
 Pure-FTPd and the openssl library it's linked against?

--
Ticket URL: <https://trac.cyberduck.io/ticket/10276#comment:3>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list