I'm an open source developer implementing an FTP client (WinSCP).
I'm trying to resume TLS/SSL session from the FTP control socket on the transfer socket. Some FTP servers started to require this.
E.g. vsftpd: https://scarybeastsecurity.blogspot.com/2009/02/vsftpd-210-released.html
I'm using OpenSSL to implement the SSL layer.
I've tried the obvious way to implement the session resume, i.e. to use SSL_get1_session and SSL_set_session, like here: https://www.linuxjournal.com/article/5487
But it does not work. I'm still not able to connect to any FTP server requiring TLS session resume (like vsftpd).
I suspect that the problem may be that in my case there are two parallel TLS connections, which cannot share the same TLS session. This is different from the example on linuxjournal.com, where the first connection is closed before the other is opened.
I have also tried several ways to clone the session, e.g. using i2d_SSL_SESSION/d2i_SSL_SESSION. That didn't help either.
I'm really stuck here.
Thanks in advance for any help.
Using SSL_get1_session and SSL_set_session worked in the end. I must have used them incorrectly when trying the first time.
Once the TLS/SSL session on the control connection is established, use SSL_get1_session to retrieve the session.
SSL_set_info_callback, when where & SSL_ST_CONNECT.
For SSL_version >= TLS1_3_VERSION, I had to use SSL_CTX_set_session_cache_mode with SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL_STORE | SSL_SESS_CACHE_NO_AUTO_CLEAR, and use a callback set by SSL_CTX_sess_set_new_cb.
Call SSL_set_session with the reference to the control connection session when setting up the TLS/SSL session for the data connection.