<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en" style='--code-editor-font: var(--default-mono-font, "Menlo"), DejaVu Sans Mono, Liberation Mono, Consolas, Ubuntu Mono, Courier New, andale mono, lucida console, monospace;'>
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style data-premailer="ignore" type="text/css">
a { color: #1068bf; }
</style>
<style>img {
max-width: 100%; height: auto;
}
body {
font-size: 0.875rem;
}
body {
-webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px;
}
body {
font-family: var(--default-regular-font, -apple-system),BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"; font-size: inherit;
}
</style>
</head>
<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px; font-family: var(--default-regular-font, -apple-system),BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";'>
<div class="content">
<p class="details" style="font-style: italic; color: #737278;">
<a href="https://gitlab.com/n-mam">Neelabh Mam</a> created an issue: <a href="https://gitlab.com/gnutls/gnutls/-/issues/1444">#1444</a>
</p>
<div class="md" style="color: #333238; word-wrap: break-word;">
<p dir="auto" style="color: #333238; margin: 0 0 16px;" align="initial">Hi,</p>
<p dir="auto" style="color: #333238; margin: 0 0 16px;" align="initial">With my libssl-1_1 based FTPS client I am facing an issue with TLS1.3 session reuse when I connect to Windows filezilla FTP server (based on gnutls). I am able to generally connect using FTPS and get the initial directory listing over data channel. I am also able to manually browser FTP directories without any issues, for extended periods of time. Every directory list operation uses a new data channel connection where the control channel session gets reused successfully. I can see the server sending new session tickets over cc periodically.. everything runs fine and the user is able to browsing manually.</p>
<p dir="auto" style="color: #333238; margin: 0 0 16px;" align="initial">Now, today I implemented recursive directory list operation that would basically traverse and list all directories from a selected root directory. As part of testing this scheme, I executed the new workflow against the "C:\Windows" folder (~120k directories to be listed) and it ran fine for around a minute or so but then at one point the server disconnects the control channel. This is what the FZ log says. Wireshark sniff confirms that it is indeed the server which initiates the control channel reset.</p>
<p dir="auto" style="color: #333238; margin: 0 0 16px;" align="initial"><a class="no-attachment-icon gfm" href="https://gitlab.com/gnutls/gnutls/uploads/805163284b96b68a7f50ecb749327626/image.png" target="_blank" rel="noopener noreferrer" data-canonical-src="/uploads/805163284b96b68a7f50ecb749327626/image.png" data-link="true" style="margin-top: 0;"><img src="https://gitlab.com/gnutls/gnutls/uploads/805163284b96b68a7f50ecb749327626/image.png" alt="image" data-canonical-src="/uploads/805163284b96b68a7f50ecb749327626/image.png" class="gfm" style="max-width: 100%; height: auto; margin: 0 0 8px;"></a></p>
<p dir="auto" style="color: #333238; margin: 0 0 16px;" align="initial">now the thing is, FZ's own FTPS client (again based on gnutls) apparently runs fine with a similar workflow of it own. With my libssl implementation, I have a new session ticket callback which keeps pushing new session tickets, which I get from the server, in a vector and then every data channel uses the latest one and it works fine for about a minute or so.. I had a look at gnutls sources but couldn't isolate the circumstance under which the server would throw this GNUTLS_E_PUSH_ERROR error. FZ server just maps this -53 to a generic ECONNABORTED error. I was wondering if anyone could please advise on what could possibly be going wrong here ? Thanks</p>
<p dir="auto" style="color: #333238; margin: 0;" align="initial">Neelabh</p>
</div>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #737278;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/1444">view it on GitLab</a>.
<br>
You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://gitlab.com">gitlab.com</a>. <a href="https://gitlab.com/-/sent_notifications/2f760c944e684b87e15f78404cbc360d/unsubscribe" target="_blank" rel="noopener noreferrer">Unsubscribe</a> from this thread · <a href="https://gitlab.com/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link">Manage all notifications</a> · <a href="https://gitlab.com/help" target="_blank" rel="noopener noreferrer" class="help-link">Help</a>
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/-/issues/1444"}}</script>
</p>
</div>
</body>
</html>