Author Ye.Wang
Recipients Ye.Wang
Date 2013-11-05.04:02:08
According to RFC4217 (Securing FTP with TLS, aka the FTPS spec),

"  It is reasonable for the server to insist that the data connection
   uses a TLS cached session.  This might be a cache of a previous data
   connection or of a cleared control connection.  If this is the reason
   for the refusal to allow the data transfer, then the '522' reply
   should indicate this.

   Note: This has an important impact on client design, but allows
   servers to minimize the cycles used during TLS negotiation by
   refusing to perform a full negotiation with a previously
   authenticated client."

It appears that vsftpd server implemented exactly that by enforcing the "SSL session reuse between the control and data connection".

Looking at the source of the Python core library, there isn't any regard to the idea of SSL session reuse between the data connection and the control connection (correct me if I am wrong here; I've tried FTP_TLS.transfercmd(cmd[, rest]), and it didn't work).

This issue is well documented for other FTP clients that support FTPS, i.e. WinSCP:

See test log file attached. A vsftpd server with "require_ssl_reuse" set to true in vsftpd.conf would do the trick and can be reproduced.
Date                 User     Action  Args
2013-11-05 04:02:11  Ye.Wang  set     recipients: + Ye.Wang
2013-11-05 04:02:10  Ye.Wang  set     messageid: <>
2013-11-05 04:02:10  Ye.Wang  link    issue19500 messages
2013-11-05 04:02:09  Ye.Wang  create
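
The session reuse described in the message above, as an added example (not code from the tracker message or from ftplib itself): an `FTP_TLS` subclass that hands the control connection's TLS session to every protected data connection. The names `SessionReuseFTP_TLS`, `wrap_data_socket` and `list_directory` are hypothetical; it assumes Python 3.6 or later (`SSLSocket.session`) and a control-channel session that can be resumed, which the ssl module documentation says is not supported under TLS 1.3.

```python
import ftplib


class SessionReuseFTP_TLS(ftplib.FTP_TLS):
    """FTP_TLS variant that resumes the control connection's TLS session
    on each protected data connection (hypothetical name, added example)."""

    def wrap_data_socket(self, conn):
        # With a clear data channel (PROT C) there is nothing to wrap.
        if not self._prot_p:
            return conn
        # After AUTH TLS, self.sock is the control connection's SSLSocket.
        # Passing its session to wrap_socket() asks the server to resume it,
        # which is what vsftpd checks when require_ssl_reuse is enabled.
        return self.context.wrap_socket(
            conn,
            server_hostname=self.host,
            session=self.sock.session,
        )

    def ntransfercmd(self, cmd, rest=None):
        # Use the plain FTP implementation so the socket is not wrapped
        # twice (FTP_TLS.ntransfercmd would wrap it without a session).
        conn, size = ftplib.FTP.ntransfercmd(self, cmd, rest)
        return self.wrap_data_socket(conn), size


def list_directory(host, user, passwd):
    """Log in, protect the data channel and return a directory listing."""
    lines = []
    with SessionReuseFTP_TLS(host) as ftp:
        ftp.login(user, passwd)  # FTP_TLS.login() issues AUTH TLS first
        ftp.prot_p()             # PBSZ 0 / PROT P: encrypt data connections
        ftp.retrlines("LIST", lines.append)
    return lines
```

If the server still answers 522 on the data connection, the control-channel session was not resumed; checking `session_reused` on the wrapped data socket confirms it from the client side.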