TLS Session Resumption with TLSv1.3 (but older as well while we're at it)

Lothar Kimmeringer job at
Mon Dec 16 18:03:09 UTC 2019


I'm having a lot of trouble with Java and the implementation of
an FTPS-client that can work with most of the FTPS servers out
there that require the data connection to be established with
TLS session resumption of the control channel's session. Because
the control channel is a different port (but the same host), the
JSSE mechanism to find a reusable session didn't work and
FTPS-transfers failed.

I'm not alone with this[1] and the solution with Java 7 and 8
was going "deeply reflective" and fiddle with the
sessionPortHostCache in the SSLSocket's sslContext. While
it's ugly and obviously a thing to break sooner or later, it
worked and kept data transfers "out there" functioning.

With Java 11 this "fix" doesn't work anymore as soon as TLSv1.3
is negotiated between client and server and even while
I might be able to come up with a new hack that might only
buy me some time until a future release of Java prevents the
access to the context's internals. So I'd like to ask questions
first, maybe there is a less brutal solution than the one,
the world of Java seemed to be currently using:

  - Is there a better way to ensure that a particular session
    is used for session resumption?
  - With [2] I have the impression that with TLSv1.3 session
    resumption only works once. Is that enforced by the standard
    or a JSSE-decision. If the former, that would mean that FTPS
    can't use TLSv1.3 (which would solve my problem at least in
    that direction ;-) because it's common that there are plenty
    of data connections being opened during an FTP-session
  - Also with [2] (but found that out myself as part of my
    JUnit-Tests), the session id that is reported to the server
    differs for the original ssl socket and the new one that
    got created after a session resumption. Is it still the
    case as it was 1.5 years ago that the create time is the
    only thing that allows you to check if two sessions are
    "the same"? I see potential attack vectors here for MITM
    attacks if System.currentTimeMillis isn't precise down
    to the millisecond.

Talking the world out of using FTPS is out of the order in my
eyes, so whatever the answers are here, I'll have to find a
solution here.

Thanks and best regards,

Lothar Kimmeringer


More information about the security-dev mailing list