Technical Blog Post
FTP SSL/TLS session resumption / reuse support in Sterling B2B Integrator
You may see the following error:
450 TLS session of data connection has not resumed or the session does not match the control connection
Currently, SSL/TLS session resumption / reuse is not supported that Sterling B2B Integrator 5.2.6+ build as the client connecting to the remote FTP server.
In short, from our research, here is our L3 team's reply:
The security provider IBMJSSE we are using does not support SSL resumption for same host and different ports.
For example, we can't avoid this error if the remote FTP server requires reuse of the session opened for control channel. This error message is from the FTP server and SI acts as a client.
In order to workaround the issue, the server side needs be able to disable session resumption / reuse.
Please note that in general, the issue is not a security risk. But, rather, it is more on the performance side of things.
Your SI build uses IBM JDK/JSSE. It is currently a limitation on IBM JSSE involved.
Currently, there is no API available in JSEE for reuse of SSL session for different ports.
The security provider we use from SB2BI 5.2.6.x build and above uses IBMJSSE that does not support SSL resumption for same host and different ports.
IBM uses Oracle's specification for SSL implementation and Oracle is not willing to support this.
The technote IT14521 showed fixes that we have to allow session reuse and that only applies to a lower SB2BI build that uses certicom as the security provider.
i.e. 5.2.5_12+ uses Certicom as security provider and 5.2.6.x uses IBM as security provider
We can reproduce the issue with FileZilla server as an example with the following test result:
FileZilla Server custom port range from 5000 to 5050
enabling PROT P
enabling TLS Session Resumption
==> getting error: 450 TLS session of data connection has not resumed or
the session does not match the control connection.
So the issue is with the above case where we would get the "450" error from the server.