Server did not properly shutdown SSL connection
Posted by Van Glass on 23 July 2009 10:38 AM
In JSCAPE MFT Server Manager, the Services > FTP panel has a "Shutdown SSL for data connection" option. When enabled, this option ensures that JSCAPE MFT Server performs a proper shutdown of SSL data connections, as the SSL specifications require. The only reason to disable this option is to support an older client that does not expect a proper shutdown of the SSL data connection. Disabling it can, however, cause problems for newer FTPS clients, as explained in more detail below.

Some older SSL clients do not check whether an SSL data connection has been properly shut down. This is a known security vulnerability in the client, and most newer versions of client software have patched it. However, some older clients have a bug in which a proper shutdown of the SSL data connection by the server actually causes the client software to raise an error.

Newer versions of client software resolve the above-mentioned vulnerability by checking that the server performs a proper shutdown of SSL data connections; if it does not, the client throws an error. Unfortunately, ENABLING the "Shutdown SSL for data connection" option in JSCAPE MFT Server can cause an error in some older clients that don't expect the server to properly shut down SSL data connections, while with the option DISABLED, newer clients that check for proper shutdown will fail. Because it is the client that performs this validation, the server cannot be tuned to support clients with and without the vulnerability at the same time.

Note that this issue is not specific to JSCAPE MFT Server; it applies to all FTPS server vendors. The only recommended recourse is to require that your users upgrade to a client that checks for proper SSL data connection shutdown.
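
The client-side check described above, sketched in Python as an added example (not JSCAPE code and not taken from any particular FTPS client). It reports whether the data connection ended with the TLS `close_notify` alert, which is the "proper shutdown", or with a bare TCP close; `FakeDataChannel` and the sample payload are constructed stand-ins so both outcomes run offline.

```python
import ssl

def wrap_data_channel(raw_sock, ctx, hostname):
    """Wrap an FTPS data socket so a missing close_notify is reported, not hidden."""
    # suppress_ragged_eofs defaults to True, which makes an abrupt TCP close
    # look like a normal end of stream.
    return ctx.wrap_socket(raw_sock, server_hostname=hostname,
                           suppress_ragged_eofs=False)

def read_data_channel(tls_sock, bufsize=16384):
    """Read until end of stream; return (data, clean_shutdown)."""
    chunks = []
    while True:
        try:
            chunk = tls_sock.recv(bufsize)
        except ssl.SSLEOFError:
            # TCP closed with no close_notify: truncation cannot be ruled out.
            return b"".join(chunks), False
        if not chunk:
            # Empty read without an exception: the peer sent close_notify.
            return b"".join(chunks), True
        chunks.append(chunk)

class FakeDataChannel:
    """Constructed stand-in for an SSLSocket (assumption, for offline runs)."""
    def __init__(self, chunks, send_close_notify):
        self._chunks = list(chunks)
        self._clean = send_close_notify

    def recv(self, bufsize):
        if self._chunks:
            return self._chunks.pop(0)
        if self._clean:
            return b""
        raise ssl.SSLEOFError(ssl.SSL_ERROR_EOF,
                              "EOF occurred in violation of protocol")

def demo():
    payload = [b"line 1\r\n", b"line 2\r\n"]  # constructed file contents
    ok = read_data_channel(FakeDataChannel(payload, send_close_notify=True))
    bad = read_data_channel(FakeDataChannel(payload[:1], send_close_notify=False))
    return ok, bad

if __name__ == "__main__":
    for data, clean in demo():
        print(len(data), "bytes,",
              "clean shutdown" if clean else "no close_notify: treat transfer as failed")
```

A client that reads the data channel with the default `suppress_ragged_eofs=True` would see both cases as a normal end of file.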