[gnutls-devel] GnuTLS | TLS1.3 new session ticket GNUTLS_E_PUSH_ERROR (#1444)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sun Jan 1 18:41:31 CET 2023

Neelabh Mam created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1444


With my libssl-1_1 based FTPS client I am facing an issue with TLS1.3 session reuse when I connect to a Windows FileZilla FTP server (based on gnutls). I am able to generally connect using FTPS and get the initial directory listing over the data channel. I am also able to manually browse FTP directories without any issues, for extended periods of time. Every directory list operation uses a new data channel connection where the control channel session gets reused successfully. I can see the server sending new session tickets over cc periodically. Everything runs fine and the user is able to browse manually.

Now, today I implemented a recursive directory list operation that would basically traverse and list all directories from a selected root directory. As part of testing this scheme, I executed the new workflow against the "C:\Windows" folder (~120k directories to be listed) and it ran fine for around a minute or so, but then at one point the server disconnects the control channel. This is what the FZ log says. Wireshark sniff confirms that it is indeed the server which initiates the control channel reset.


Now the thing is, FZ's own FTPS client (again based on gnutls) apparently runs fine with a similar workflow of its own. With my libssl implementation, I have a new session ticket callback which keeps pushing new session tickets, which I get from the server, into a vector, and then every data channel uses the latest one, and it works fine for about a minute or so. I had a look at the gnutls sources but couldn't isolate the circumstance under which the server would throw this GNUTLS_E_PUSH_ERROR error. FZ server just maps this -53 to a generic ECONNABORTED error. I was wondering if anyone could please advise on what could possibly be going wrong here? Thanks

