Error when using SSL to connect to Apache FtpServer

I'm trying to set up a simple test FTP server using Apache FtpServer, and I'm having trouble configuring it to use SSL.

Following the Apache FtpServer documentation, here is what my code looks like so far:

        FtpServerFactory ftpServerFactory = new FtpServerFactory();
        ListenerFactory listenerFactory = new ListenerFactory();
        listenerFactory.setPort(990);
        listenerFactory.setServerAddress("example.com");

        SslConfigurationFactory sslConfigurationFactory = new SslConfigurationFactory();
        sslConfigurationFactory.setKeystoreFile(JKS);
        sslConfigurationFactory.setKeystorePassword(JKS_PASS);
        listenerFactory.setSslConfiguration(sslConfigurationFactory.createSslConfiguration());
        listenerFactory.setImplicitSsl(true);

        ftpServerFactory.addListener("default", listenerFactory.createListener());

        PropertiesUserManagerFactory userManagerFactory = new PropertiesUserManagerFactory();
        userManagerFactory.setFile(USERS_PATH.toFile());

        BaseUser test = new BaseUser();
        test.setName("test");
        test.setPassword("test");
        test.setHomeDirectory(HOME.getAbsolutePath().toString());
        test.setAuthorities(List.of(new WritePermission()));

        UserManager userManager = userManagerFactory.createUserManager();
        try {
            userManager.save(test);
        }
        catch (FtpException e) {
            e.printStackTrace();
        }

        ftpServerFactory.setUserManager(userManager);

        FtpServer server = ftpServerFactory.createServer();
        try {
            server.start();
        }
        catch (FtpException e) {
            e.printStackTrace();
        }

When I try to connect to the FTPS server, I get this error from the server:

[main] INFO org.apache.ftpserver.impl.DefaultFtpServer - FTP server started
[NioProcessor-1] WARN org.apache.mina.util.DefaultExceptionMonitor - Unexpected exception.
org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd(): sslFilter:SslFilter in (0x00000002: nio socket, server, /2.51.214.102:50475 => /142.93.208.41:990)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:465)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.addLast(DefaultIoFilterChain.java:234)
    at org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder.buildFilterChain(DefaultIoFilterChainBuilder.java:553)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.addNow(AbstractPollingIoProcessor.java:832)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.handleNewSessions(AbstractPollingIoProcessor.java:752)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:652)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.lang.IllegalArgumentException: Unsupported protocolTLS
    at java.base/sun.security.ssl.ProtocolVersion.namesOf(ProtocolVersion.java:292)
    at java.base/sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:798)
    at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:184)
    at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:458)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:463)
    ... 9 more

From my client (FileZilla), I get this error:

Status:         Resolving address of itgsiatest.duss.app
Status:         Connecting to 142.93.208.41:990...
Status:         Connection established, initializing TLS...
Status:         Connection attempt failed with "ECONNRESET - Connection reset by peer".
Error:          Could not connect to server

Is there anything I missed?

queeg On
  1. I assume you have managed to set up the FTP server without encryption standalone.
  2. I assume you have managed to set up the FTP server with encryption standalone.
  3. I assume you have managed to set up the FTP server without encryption embedded.
  4. Now you are trying to combine encryption and embedding. As you correctly point out, this is also documented on step 3 and it seems your code directly follows the guide.

Yet the exception occurs when a client connects, and both client and server try to initialize the TLS handshake, which fails miserably on the server side. So something is still not right, and you need to search in the TLS area.

Have you checked your keystore content? Does it exist? Does it contain the correct certificate? Does it contain several certificates? What are their aliases? How come in your code you do not have to specify which certificate shall be used? (The full documentation on the keystore element mentions a 'key alias', which could be set using this method.)

The other thing to check is why in your log so many protocols should get ignored. What protocols remain to be used in the end?
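
The two checks suggested above, as an added example using only JDK classes (not code from the question, the answer, or the Apache FtpServer project): it lists the keystore's aliases and certificates, then tests which protocol names an `SSLEngine` accepts, including the `TLS` name that the stack trace shows being rejected in `setEnabledProtocols`. The class name and command-line arguments are hypothetical, and Java 9 or later is assumed.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class TlsSetupCheck {
    public static void main(String[] args) throws Exception {
        // Optional (hypothetical) arguments: <keystore file> <keystore password>,
        // i.e. the values behind JKS and JKS_PASS in the question.
        if (args.length >= 2) {
            // Java 9+: detects JKS vs. PKCS12 from the file content.
            KeyStore ks = KeyStore.getInstance(new File(args[0]), args[1].toCharArray());
            for (String alias : Collections.list(ks.aliases())) {
                // A TLS server needs a private-key entry, not only trusted certificates.
                String kind = ks.isKeyEntry(alias) ? "private key" : "trusted cert";
                Certificate cert = ks.getCertificate(alias);
                if (cert instanceof X509Certificate) {
                    X509Certificate x509 = (X509Certificate) cert;
                    System.out.printf("%s [%s] subject=%s notAfter=%s%n", alias, kind,
                            x509.getSubjectX500Principal().getName(), x509.getNotAfter());
                } else {
                    System.out.printf("%s [%s] no X.509 certificate%n", alias, kind);
                }
            }
        }

        // "TLS" is a valid SSLContext algorithm name ...
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, null, null);
        SSLEngine engine = context.createSSLEngine();
        System.out.println("supported: " + Arrays.toString(engine.getSupportedProtocols()));
        System.out.println("enabled:   " + Arrays.toString(engine.getEnabledProtocols()));

        // ... but enabled protocols must be concrete versions such as "TLSv1.2".
        for (String name : new String[] {"TLS", "TLSv1.2", "TLSv1.3"}) {
            try {
                engine.setEnabledProtocols(new String[] {name});
                System.out.println(name + ": accepted");
            } catch (IllegalArgumentException e) {
                System.out.println(name + ": rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```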