TLS1.3 Session Resumption on server-side with QSslSockets

rawide

Hi,
Is there any way to use session resumption on a QSslSocket which is in server-mode and refuse all connections which don't reuse a specific connection from another QSslSocket?

In TLS1.3 you can use session tickets to resume an already established session. I need to open different SslServers that reuse only a certain session. The use case here is to secure a FTP-Data-Connection.

In FTP there is the PASV-Command, which tells the client to connect to a certain IP and Port to send or receive data (e.g. a file). But the problem is, that at that time an attacker can connect to this IP and Port earlier than the client itself and "steal" the connection. Just checking the IP of the client is not enough because of NAT or IP address spoofing.

So to really secure that connection, you can only use TLS Session Resumption, where the Session Ticket of the command connection to the Client gets reused by the data connection. However, I can not find any useful information on this subject in Qt except for https://bugreports.qt.io/browse/QTBUG-81591, which says that QSslSocket supports "client-side session resumption using session tickets".

I'm testing the connection with FileZilla-Client, which explicitly warns you about the server not using TLS Session Resumption.

Thanks in advance for any help.

PS: I'm using OpenSSL as the backend and Qt 5.15.2 MinGW 64-bit.

Things I've tried:

• Set the session ticket of the old socket (the socket of which the connection should be reused) as the QSslConfiguration on the new socket (server-side) before encrypting the new socket. This just fails to connect without any sslError (after waitForEncrypted is called the socket is not open, see the code below). The QSsl::SslOptionDisableSessionPersistence was set to false on both sockets. Theoretically, with TLS1.3 the server should not have to save the session ticket, but I need to refuse all connection attempts which don't reuse the session of the old socket.
• Search for SSLBackendOptions (https://doc.qt.io/qt-5/qsslconfiguration.html#setBackendConfigurationOption). In the available Options I did not find anything useful related to server-side session resumption.
• TLS1.2 but with TLS1.2 just every connection gets accepted and I cannot refuse connections which don't use the specific session ticket.

This is a minimal example of the reuse of the session ticket on the server side but it is not working. On the client side, I connect to the first server, store the session ticket in a variable and reuse (set) the session ticket in the QSslConfiguration before connecting to the second server with a new socket.

Server::Server()
{
    //This sets sslConfiguration.setProtocol(QSsl::TlsV1_3OrLater);
    //and sslConfiguration.setSslOption(QSsl::SslOption::SslOptionDisableSessionPersistence, false);
    //and the needed certificate and private key for tls.
    EncryptionUtils::startEncryptionForServer(&m_server, "Testserver");

    connect(&m_server, SIGNAL(newConnection()), this, SLOT(newConnection()));
    m_server.listen(QHostAddress::Any, 10000);
}

void Server::newConnection()
{
    QSslSocket* newSocket = m_server.nextPendingConnection();
    newSocket->waitForEncrypted();

    QByteArray sessionTicket = newSocket->sslConfiguration().sessionTicket();

    EncryptionUtils::startEncryptionForServer(&m_serverOnlySameSession, "TestserverOnlySameSession");

    QSslConfiguration config = m_serverOnlySameSession.sslConfiguration();
    config.setSessionTicket(sessionTicket);
    m_serverOnlySameSession.setSslConfiguration(config);

    connect(&m_serverOnlySameSession, SIGNAL(newConnection()), this, SLOT(newConnectionSameSession()));
    m_serverOnlySameSession.listen(QHostAddress::Any, 10001);
}

void Server::newConnectionSameSession()
{
    QSslSocket* newSocket = m_serverOnlySameSession.nextPendingConnection();
    newSocket->waitForEncrypted();

    qDebug() << newSocket->sslHandshakeErrors(); // ()
    qDebug() << newSocket->state(); // QAbstractSocket::UnconnectedState
}