There is an issue with the python FTPS module in the standard library which appears to be related to SSL session reuse. I noticed when I updated to a recent version of Pure-FTPd (1.0.42), python's FTPS library client stopped working and generated an error in the ssl unwrap call when a data connection is opened after prot_p() is used. Checking the change log on that version of Pure-FTPd, there is this note:

- The ONLY_ACCEPT_REUSED_SSL_SESSIONS switch (introduced in Pure-FTPd
1.0.22 circa 2009, but disabled back then due to client compatibility
concerns) is now on by default, except in broken clients compatibility mode.

Turning on the broken clients compatibility mode in pure-ftpd makes the Python client work again, so I'm surmising this is related to pure-ftpd forcing SSL session reuse. My question is, is this something the Python standard library should detect, or is it a problem lower in the stack (i.e., libssl?) Incidentally, I can reproduce this behavior on Python 2.7 as well.


Steps to reproduce:

import ftplib
ftp = ftplib.FTP_TLS(ftphost, ftpuser, ftppass)
ftp.prot_p()
ftp.retrbinary('RETR ' + cmofile, infile.write)

Traceback (most recent call last): 
File "/home/dwaites/bin/mysqlload.py", line 212, in 
main() 
File "/home/dwaites/bin/mysqlload.py", line 155, in main 
site.retrbinary('RETR ' + cmofile, infile.write) 
File "/usr/lib/python3.4/ftplib.py", line 449, in retrbinary 
conn.unwrap() 
File "/usr/lib/python3.4/ssl.py", line 788, in unwrap 
s = self._sslobj.shutdown() 
OSError: [Errno 0] Error