
TIdFTP resumption of the TLS session of the data connection

How do I enable TLS session resumption of the data connection with TIdFTP?

I am using Indy 10.6.2.0, which ships with Delphi 11.2 (Embarcadero® RAD Studio 11, version 28.0.46141.0937).

Edit 2023-04-12T06:41:35.496Z

implementation

uses
  IdFTP, IdSSLOpenSSL, IdExplicitTLSClientServerBase, IdFTPCommon;

procedure DoSomething;
var
  ftp: TIdFTP;
  ssl: TIdSSLIOHandlerSocketOpenSSL;
begin
  ftp := TIdFTP.Create;
  try
    // OpenSSL IO handler owned by the FTP component; restrict it to TLS 1.2
    ssl := TIdSSLIOHandlerSocketOpenSSL.Create(ftp);
    ssl.SSLOptions.SSLVersions := [sslvTLSv1_2];
    ftp.IOHandler := ssl;

    ftp.Host := 'myhost';
    ftp.Port := 21;
    ftp.Username := 'myuser';
    ftp.Password := 'mytopsecretpassword';
    ftp.Passive := true;
    // Explicit FTPS: plain connection on port 21, then AUTH TLS before login
    ftp.UseTLS := utUseExplicitTLS;
    ftp.AUTHCmd := tAuthTLS;
    // PROT P: data connections must be TLS-protected as well
    ftp.DataPortProtection := ftpdpsPrivate;

    ftp.Connect;

    if ftp.Connected then begin
      ftp.Put('C:\temp\test1.dat', 'test1.dat');
      ftp.Put('C:\temp\test2.dat', 'test2.dat');
    end;

    ftp.Disconnect;
  finally
    ftp.Free;
  end;
end;

I still get the message:

---------------------------
Ftpssessionresumption
---------------------------
Unable to build data connection: TLS session of data connection not resumed.
---------------------------
OK   
---------------------------

This is the log from FileZilla Server:

<Date> Info [Type] Message
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 [Response] 220-FileZilla Server 1.6.7
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 [Response] 220-Please visit https://filezilla-project.org/
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 [Command] HOST myhost
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 [Response] 500 Wrong command.
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 [Command] AUTH TLS
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 [Response] 234 Using authentication type TLS.
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 [Command] USER myuser
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 [Response] 331 Please, specify the password.
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 [Command] PASS ****
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 230 Login successful.
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] FEAT
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 211-Features:
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 211 End
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] OPTS UTF8 ON
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 202 UTF8 mode is always enabled. No need to send this command
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] TYPE A
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 200 Type set to A
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] SYST
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 215 UNIX emulated by FileZilla.
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] TYPE A
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 200 Type set to A
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] PBSZ 0
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 200 PBSZ=0
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] PROT P
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 200 Protection level set to P
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] PASV
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 227 Entering Passive Mode (192,168,10,24,198,132)
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] STOR test1.dat
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 150 About to start data transfer.
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Error] TLS session of data connection not resumed.
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 425 Unable to build data connection: TLS session of data connection not resumed.
<12-04-2023 08:35:13> FTP Server [Status] Session 1438 ended gracefully.

Indy does not natively support resuming TLS sessions at this time (see this ticket).

However, if:

  • the command connection is protected by TLS
  • and TIdFTP.DataPortProtection is set to ftpdpsPrivate
  • and TIdFTP.Passive is True (but not False!)

Then TIdSSLIOHandlerSocketOpenSSL should copy the TLS session ID of the command connection into each new data connection TLS session. That is the closest Indy comes to resuming sessions.

If you want to try enabling session reuse manually, you can use the TIdFTP.OnDataChannelCreate and TIdFTP.OnDataChannelDestroy events to access the TIdSSLIOHandlerSocketOpenSSL object of the current data connection. You will have to invoke the relevant OpenSSL session APIs to get the session ID from an old data connection and apply it to a new data connection.

You can use SSL_SESSION_get_id() to get the current ID of a TLS session (wrapped by TIdSSLIOHandlerSocketOpenSSL.SSLSocket.GetSessionID()). However, TIdSSLIOHandlerSocketOpenSSL only supports up to OpenSSL 1.0.2, but SSL_SESSION_set1_id() was not added until OpenSSL 1.1.0. The above scenario uses SSL_copy_session_id() instead to copy a session ID from one TLS session to another, so that would not work to copy a session ID from one data connection to another, since there is only 1 data connection active at a time.
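The answer above leaves the client unable to tell, before the server's 425 reply, whether the data channel actually resumed the control channel's session. The following diagnostic helper is an added example, not code from the answerer or from Indy: it hooks TIdFTP.OnDataChannelDestroy (assumed to have the signature ASender: TObject; ADataChannel: TIdTCPConnection) and compares the session ID of the data connection, read through SSLSocket.GetSessionID as named in the answer, with the session ID captured from the control connection after Connect. The unit name, the TFtpSessionProbe and UploadAndCheck names, the layout of TIdSSLByteArray (Length plus a Data byte pointer) and the assumption that the data channel's SSL socket is still alive when OnDataChannelDestroy fires are all assumptions of this example; if the socket is already closed the ID reads as empty and the check reports no resumption.

```delphi
unit FtpSessionProbe;

interface

uses
  SysUtils, IdFTP, IdTCPConnection, IdIOHandler, IdSSLOpenSSL;

type
  // Hypothetical diagnostic helper (not part of Indy): records the TLS session
  // ID of the control connection and of the most recent data connection so the
  // client can log whether the data channel reused the control session,
  // instead of learning it only from the server's 425 reply.
  TFtpSessionProbe = class
  private
    FControlId: string;
    FLastDataId: string;
  public
    class function SessionIdHex(AHandler: TIdIOHandler): string;
    procedure CaptureControlConnection(AFtp: TIdFTP);
    procedure DataChannelDestroy(ASender: TObject; ADataChannel: TIdTCPConnection);
    function LastDataConnectionReusedSession: Boolean;
    property ControlId: string read FControlId;
    property LastDataId: string read FLastDataId;
  end;

procedure UploadAndCheck(AFtp: TIdFTP; AProbe: TFtpSessionProbe;
  const ALocalFile, ARemoteFile: string);

implementation

class function TFtpSessionProbe.SessionIdHex(AHandler: TIdIOHandler): string;
var
  Ssl: TIdSSLIOHandlerSocketOpenSSL;
  Id: TIdSSLByteArray;
  I: Integer;
begin
  Result := '';
  if not (AHandler is TIdSSLIOHandlerSocketOpenSSL) then Exit;
  Ssl := TIdSSLIOHandlerSocketOpenSSL(AHandler);
  if Ssl.SSLSocket = nil then Exit;  // no handshake yet, or socket already closed
  // GetSessionID wraps SSL_SESSION_get_id(); TIdSSLByteArray is assumed to
  // expose Length and a Data pointer to the raw session ID bytes.
  Id := Ssl.SSLSocket.GetSessionID;
  for I := 0 to Integer(Id.Length) - 1 do
    Result := Result + IntToHex(Id.Data[I], 2);
end;

procedure TFtpSessionProbe.CaptureControlConnection(AFtp: TIdFTP);
begin
  // Call after AFtp.Connect, once AUTH TLS has completed on the control channel.
  FControlId := SessionIdHex(AFtp.IOHandler);
end;

procedure TFtpSessionProbe.DataChannelDestroy(ASender: TObject;
  ADataChannel: TIdTCPConnection);
begin
  // Assumed: the data channel's SSL socket is still alive at this point.
  FLastDataId := SessionIdHex(ADataChannel.IOHandler);
end;

function TFtpSessionProbe.LastDataConnectionReusedSession: Boolean;
begin
  // In TLS 1.2 a server that accepts resumption echoes the offered session ID,
  // so a data connection that reused the control session carries the same ID.
  Result := (FControlId <> '') and (FControlId = FLastDataId);
end;

// Example wiring; assumes AFtp is configured as in the question (explicit TLS,
// Passive = True, DataPortProtection = ftpdpsPrivate).
procedure UploadAndCheck(AFtp: TIdFTP; AProbe: TFtpSessionProbe;
  const ALocalFile, ARemoteFile: string);
begin
  AFtp.OnDataChannelDestroy := AProbe.DataChannelDestroy;
  AFtp.Connect;
  AProbe.CaptureControlConnection(AFtp);
  try
    AFtp.Put(ALocalFile, ARemoteFile);
  finally
    // Log the comparison whether or not the server rejected the transfer.
    if AProbe.LastDataConnectionReusedSession then
      Writeln('data connection resumed control session ', AProbe.ControlId)
    else
      Writeln('no resumption: control=', AProbe.ControlId,
        ' data=', AProbe.LastDataId);
    AFtp.Disconnect;
  end;
end;

end.
```

Comparing session IDs is a TLS 1.2 heuristic that matches the sslvTLSv1_2 setting in the question; the authoritative client-side check is OpenSSL's SSL_session_reused(), which Indy does not wrap, so the probe is useful for logging and for confirming the passive/ftpdpsPrivate conditions from the answer, not as a substitute for the server's own verdict.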

I use TIdFTP for an outbound data connection with passive mode and ftpdpsPrivate as DataPortProtection, and I still get the error that the TLS session of the data connection could not be resumed.
