Topic: SSL Session Reuse
I am asking if I can use the C++ or even the C# library for "session reuse".
A customer is use SFTP, that old protocol on port 990. I don't have any control over them, so I have to deal with it.
I already have an FTPES client in C#. I adapted it for this with little problem. It is using the MS SslStream object.
To internal testing, until I can get to the customer server, I installed FileZilla server.
I am getting a failure "450 TLS session of data connection has not resumed or the session does not match the control connection"
(This is to prevent another attacker connecting to the data port and hijacking to connection... I actually wonder why such a requirement is not part of FTPES as well)
I can eliminate the failure by un-checking the requirement. But I have no control over what setting the customer is using.
(Apparently there is no way to put an image into this post... :-( )
So, I can find zero support for "session reuse in the C# SslStream object, except that Microsoft claims it already does it. I guess it will not reuse the session if the previous one (in this case the control port) is still open.
So, in summary, my question is:
Is there a way to tell the WolfSSL library in C++ or C# that when it opens a new connection it should reuse a session?
If so, how?
<Code shown is not to scale>