
SSLSocketImpl.startHandshake() throws SSLHandshakeException/EOFException when resuming cached sessions

Developer https://www.devze.com 2023-01-14 08:29 Source: Internet

Using Apache FTPSClient to listFiles(String)....

The application crashes sometimes after resuming an SSL Session and then calling sslSocketImpl.startHandshake() from the Apache FTPSClient code.

I set javax.net.debug to print the ssl information... System.setProperty("javax.net.debug", "all");

And this is what I get.

%% Client cached [Session-3, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
%% Try resuming [Session-3, SSL_RSA_WITH_3DES_EDE_CBC_SHA] from port 4149
*** ClientHello, TLSv1
....
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, SEND TLSv1 ALERT:  fatal, description = handshake_failure
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28                               ......(
main, called closeSocket()
[Mon Aug 30 17:41:52 PDT 2010][class com.smgtec.sff.fileupload.poller.BasicFTPAccess] - Could not list directory: sqjavax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:808)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
 at com.smgtec.sff.fileupload.poller.FixedFTPSClient._openDataConnection_(FixedFTPSClient.java:525)
 at org.apache.commons.net.ftp.FTPClient.initiateListParsing(FTPClient.java:2296)
 at org.apache.commons.net.ftp.FTPClient.initiateListParsing(FTPClient.java:2269)

Padded plaintext before ENCRYPTION:  len = 32
0000: 50 41  at org.apache.commons.net.ftp.FTPClient.listFiles(FTPClient.java:2046)
 at com.smgtec.sff.fileupload.poller.BasicFTPAccess.listFiles(BasicFTPAccess.java:100)
 at com.smgtec.sff.fileupload.poller.FTPPoller.addFileForProcessing(FTPPoller.java:67)
 at com.smgtec.sff.fileupload.poller.FTPPoller.main(FTPPoller.java:385)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
 at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
 at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
 ... 10 more

We also have jscape FTPS client here and it produces the same problem.


I suggest you include some retry logic in your FTPPoller - it looks like the host is closing the connection rather than your code. We used to see occasional connection closed by remote host errors which are best handled by simply retrying.


I solved it like this using SSLSession.invalidate() it seems to work now... although we aren't using FTPS anymore. If this is a true solution there is a problem in Apache commons-net FTPSClient or the FTP Server we are connecting to.

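import java.io.IOException;
import java.net.Socket;
import javax.net.ssl.SSLSocket;
import org.apache.commons.net.ftp.FTPSClient;

ftp = new FTPSClient()
      {
        // Socket of the previous data connection, kept so its session can be invalidated.
        private Socket socket;

        @Override
        protected Socket _openDataConnection_(int command, String arg) throws IOException
        {
          // instanceof is false for null, so no separate null check is needed.
          if (socket instanceof SSLSocket)
          {
            // We have problems resuming cached SSL Sessions. Exceptions are
            // thrown and the system crashes... So we invalidate each SSL
            // session we used last.
            SSLSocket sslSocket = (SSLSocket) socket;
            sslSocket.getSession().invalidate();
          }
          // Open the new data connection; it now performs a full handshake.
          socket = super._openDataConnection_(command, arg);
          return socket;
        }
      };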

BTW I believe we were connecting to a FileZilla FTP server. I suspect this fix will cause more network chatter passing back and forth keys/certs and so forth.
