Spring Integration DefaultFtpsSessionFactory

Question

This configuration worked perfectly for me before we upgraded the spring boot to 2.4.2 version.

    DefaultFtpsSessionFactory sessionFactory = new DefaultFtpsSessionFactory();
    sessionFactory.setHost("host");
    sessionFactory.setUsername("username");
    sessionFactory.setPassword("password");
    sessionFactory.setPort(21);
    sessionFactory.setClientMode(FTPClient.PASSIVE_LOCAL_DATA_CONNECTION_MODE);
    sessionFactory.setControlEncoding("UTF-8");

Currently I am facing following exception :

javax.net.ssl.SSLException: Unsupported or unrecognized SSL message

I was not able to find anything in the documentation.

Thanks for answers.

Edit 1#:

@ArtemBilan here, is the stack trace:

Caused by: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
    at sun.security.ssl.SSLSocketInputRecord.handleUnknownRecord(SSLSocketInputRecord.java:439) ~[?:?]
    at sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:184) ~[?:?]
    at sun.security.ssl.SSLTransport.decode(SSLTransport.java:108) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063) ~[?:?]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402) ~[?:?]
    at org.apache.commons.net.ftp.FTPSClient._openDataConnection_(FTPSClient.java:642) ~[commons-net-3.7.jar:3.7]
    at org.apache.commons.net.ftp.FTPClient._openDataConnection_(FTPClient.java:790) ~[commons-net-3.7.jar:3.7]
    at org.apache.commons.net.ftp.FTPClient.initiateListParsing(FTPClient.java:3456) ~[commons-net-3.7.jar:3.7]
    at org.apache.commons.net.ftp.FTPClient.initiateListParsing(FTPClient.java:3386) ~[commons-net-3.7.jar:3.7]
    at org.apache.commons.net.ftp.FTPClient.listFiles(FTPClient.java:3063) ~[commons-net-3.7.jar:3.7]
    at org.springframework.integration.ftp.session.FtpSession.list(FtpSession.java:74) ~[spring-integration-ftp-5.4.3.jar:5.4.3]
    at org.springframework.integration.ftp.session.FtpSession.list(FtpSession.java:45) ~[spring-integration-ftp-5.4.3.jar:5.4.3]
    at org.springframework.integration.file.remote.session.CachingSessionFactory$CachedSession.list(CachingSessionFactory.java:225) ~[spring-integration-file-5.4.3.jar:5.4.3]
    at org.springframework.integration.file.remote.gateway.AbstractRemoteFileOutboundGateway.listFilesInRemoteDir(AbstractRemoteFileOutboundGateway.java:948) ~[spring-integration-file-5.4.3.jar:5.4.3]
    at org.springframework.integration.file.remote.gateway.AbstractRemoteFileOutboundGateway.ls(AbstractRemoteFileOutboundGateway.java:913) ~[spring-integration-file-5.4.3.jar:5.4.3]
    at org.springframework.integration.ftp.gateway.FtpOutboundGateway.lambda$ls$0(FtpOutboundGateway.java:209) ~[spring-integration-ftp-5.4.3.jar:5.4.3]
    at org.springframework.integration.ftp.gateway.FtpOutboundGateway.doInWorkingDirectory(FtpOutboundGateway.java:285) ~[spring-integration-ftp-5.4.3.jar:5.4.3]
    at org.springframework.integration.ftp.gateway.FtpOutboundGateway.ls(FtpOutboundGateway.java:209) ~[spring-integration-ftp-5.4.3.jar:5.4.3]
    at org.springframework.integration.file.remote.gateway.AbstractRemoteFileOutboundGateway.lsRemoteFilesForMget(AbstractRemoteFileOutboundGateway.java:1202) ~[spring-integration-file-5.4.3.jar:5.4.3]
    at org.springframework.integration.file.remote.gateway.AbstractRemoteFileOutboundGateway.mGetWithRecursion(AbstractRemoteFileOutboundGateway.java:1182) ~[spring-integration-file-5.4.3.jar:5.4.3]
    at org.springframework.integration.file.remote.gateway.AbstractRemoteFileOutboundGateway.mGet(AbstractRemoteFileOutboundGateway.java:1127) ~[spring-integration-file-5.4.3.jar:5.4.3]
    at org.springframework.integration.ftp.gateway.FtpOutboundGateway.lambda$mGet$3(FtpOutboundGateway.java:230) ~[spring-integration-ftp-5.4.3.jar:5.4.3]
    at org.springframework.integration.ftp.gateway.FtpOutboundGateway.doInWorkingDirectory(FtpOutboundGateway.java:285) ~[spring-integration-ftp-5.4.3.jar:5.4.3]
    at org.springframework.integration.ftp.gateway.FtpOutboundGateway.mGet(FtpOutboundGateway.java:229) ~[spring-integration-ftp-5.4.3.jar:5.4.3]
    at org.springframework.integration.file.remote.gateway.AbstractRemoteFileOutboundGateway.lambda$doMget$9(AbstractRemoteFileOutboundGateway.java:683) ~[spring-integration-file-5.4.3.jar:5.4.3]
    at org.springframework.integration.file.remote.RemoteFileTemplate.execute(RemoteFileTemplate.java:439) ~[spring-integration-file-5.4.3.jar:5.4.3]
    at org.springframework.integration.file.remote.gateway.AbstractRemoteFileOutboundGateway.doMget(AbstractRemoteFileOutboundGateway.java:682) ~[spring-integration-file-5.4.3.jar:5.4.3]
    at org.springframework.integration.file.remote.gateway.AbstractRemoteFileOutboundGateway.handleRequestMessage(AbstractRemoteFileOutboundGateway.java:573) ~[spring-integration-file-5.4.3.jar:5.4.3]
    at org.springframework.integration.handler.AbstractReplyProducingMessageHandler.handleMessageInternal(AbstractReplyProducingMessageHandler.java:134) ~[spring-integration-core-5.4.3.jar:5.4.3]
    at org.springframework.integration.handler.AbstractMessageHandler.handleMessage(AbstractMessageHandler.java:56) ~[spring-integration-core-5.4.3.jar:5.4.3]
    ... 43 more

Edit #2

[INFO] +- commons-net:commons-net:jar:3.7.2:compile
[INFO] +- org.springframework.integration:spring-integration-ftp:jar:5.4.3:compile

Edit #3 - Some exception higher in stack just for completeness

Caused by: org.springframework.messaging.MessagingException: Failed to execute on session; nested exception is javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
    at org.springframework.integration.file.remote.RemoteFileTemplate.execute(RemoteFileTemplate.java:448) ~[spring-integration-file-5.4.3.jar:5.4.3]
    at org.springframework.integration.file.remote.gateway.AbstractRemoteFileOutboundGateway.doMget(AbstractRemoteFileOutboundGateway.java:682) ~[spring-integration-file-5.4.3.jar:5.4.3]
    at org.springframework.integration.file.remote.gateway.AbstractRemoteFileOutboundGateway.handleRequestMessage(AbstractRemoteFileOutboundGateway.java:573) ~[spring-integration-file-5.4.3.jar:5.4.3]
    at org.springframework.integration.handler.AbstractReplyProducingMessageHandler.handleMessageInternal(AbstractReplyProducingMessageHandler.java:134) ~[spring-integration-core-5.4.3.jar:5.4.3]
    at org.springframework.integration.handler.AbstractMessageHandler.handleMessage(AbstractMessageHandler.java:56) ~[spring-integration-core-5.4.3.jar:5.4.3]
    ... 43 more

Edit 4# Experiment with commons-net:jar:3.7.2

Following setup works fine

[INFO] +- commons-net:commons-net:jar:3.7.2:compile
[INFO] +- org.springframework.integration:spring-integration-ftp:jar:5.3.2.RELEASE:compile
[INFO] |  \- org.springframework.integration:spring-integration-file:jar:5.4.3:compile
[INFO] |     \- org.springframework.integration:spring-integration-core:jar:5.4.3:compile
[INFO] |        \- org.springframework.retry:spring-retry:jar:1.3.1:compile

Did you really only upgrade the spring version or also upgraded the java version. — M. Deinum, Feb 08 '21 at 14:12
@m-deinum, thanks for response. Java version is 11. We used this also before the spring upgrade. Is there any change necessary after java upgrade ? Just for future. Thanks. — Kristian Dienes, Feb 08 '21 at 14:20
Please, share the whole stack trace to see what code really caused such an SSL problem. — Artem Bilan, Feb 08 '21 at 14:56
No, please, edit your question with that info. The comments over here don't carry code properly. — Artem Bilan, Feb 08 '21 at 15:10
Please, see my answer. The bug is on the `commons-net` side. — Artem Bilan, Feb 08 '21 at 15:41

score 3 · Answer 1 · answered Feb 08 '21 at 15:41

3

Please, consider to use commons-net:commons-net:3.7.2 dependency.

We indeed upgraded Spring Integration starting of version 5.4 to commons-net 3.7 from an old 3.6.

See this issue for more details: https://github.com/spring-projects/spring-integration/issues/3463.

We have plans to release 5.4.4 the next week: https://calendar.spring.io/

answered Feb 08 '21 at 15:41

Artem Bilan

113,505
11
91
118

adding this dependency results in same exception – Kristian Dienes Feb 08 '21 at 15:53
How do you do that, please? If you use Gradle, it must be declared *before* `spring-integrartion-ftp`. Otherwise the version is overridden with a transitive one. You can exclude a `commons-net` from `spring-integrartion-ftp` though. – Artem Bilan Feb 08 '21 at 15:58
I am using maven, I added it before the spring-integration-ftp. – Kristian Dienes Feb 08 '21 at 16:35
OK. Can you confirm, please, with `mvn dependency:tree` command that you indeed have a `commons-net:3.7.2` on CP? – Artem Bilan Feb 08 '21 at 16:37
OK. I added an `apache-commons-net` tag to your question. Let's see if Apache community will help you some how! Any chances to see a simple short project to reproduce an issue? What Java version do you use though? Do you do anything with SSL configuration though? – Artem Bilan Feb 08 '21 at 16:55
We are using java 11. And there is no ssl config. I am using only the configuration, which is posted above – Kristian Dienes Feb 08 '21 at 16:57
Another thought: have you tried to to downgrade it to `3.6`? How does it work with an old `commons-net`? – Artem Bilan Feb 08 '21 at 17:13
same issue with `commons-net:commons-net:3.6`, added stack trace from higher in stack, just for completeness – Kristian Dienes Feb 08 '21 at 17:29
Something is fishy with your project. When we upgraded to commons-net-3.7, we had not changed anything in the code: https://github.com/spring-projects/spring-integration/commit/269e9846a32369d19c3019bc4f7e02e06f28bd41. So, if you claim it worked before with the previous Spring Integration version, and therefore with commons-net-3.6, then it must work with `3.6` even right now. I have just tested version change in some Spring Boot demo project and it looks correct in dependency tree report. So, or you manage versions some other way, or issue is not related to Spring Integration and commons-net – Artem Bilan Feb 08 '21 at 17:58
@ArtemBilab Is there a chance I need to use setProtocol, setProtocols methods ? – Kristian Dienes Feb 08 '21 at 20:25
Have no idea. Since your solution is failing, it worth to try everything available. – Artem Bilan Feb 08 '21 at 20:31
looks like it works against local ftp server where I use ftps, however I would need to use TLS protocol. Am I missing something for TLS conf ? – Kristian Dienes Feb 09 '21 at 00:03
So, it works locally independently of Spring Integration and commons-net versions? – Artem Bilan Feb 09 '21 at 00:07
yes it works locally with SSL, however I need to use TLS protocol. Weird is that the same config is working fine with spring boot 2.3.4 – Kristian Dienes Feb 09 '21 at 08:16

score 1 · Accepted Answer · answered Feb 09 '21 at 10:44

1

After downgrading spring-integration-ftp to version 5.3.2.RELEASE it works.

<dependency>
  <groupId>org.springframework.integration</groupId>
  <artifactId>spring-integration-ftp</artifactId>
  <version>5.3.2.RELEASE</version>
</dependency>

answered Feb 09 '21 at 10:44

Kristian Dienes

169
2
12

Ok. How does it work then if you upgrade commons-net to 3.7.2? I mean I fully don’t believe that Spring Integration is involved somehow in the problem... Do you still use Spring Boot 2.4.2? – Artem Bilan Feb 09 '21 at 12:37
yes spring boot 2.4.2 and downgraded the integration-ftp to 5.3.2.RELEASE. This version contains commons-net:jar:3.6 – Kristian Dienes Feb 09 '21 at 12:51
I know. That’s why I’m asking how is it if an explicit 3.7.2? – Artem Bilan Feb 09 '21 at 12:52
@AdamBilan please see my edit 4# in the main post – Kristian Dienes Feb 09 '21 at 13:17
Ok. So, claim is that something has changed in Spring Integration FTP 5.4. Why don’t you try with 5.3.5 though? How can we reproduce it on our side? Any simple project to play with, please? – Artem Bilan Feb 09 '21 at 13:29
@ArtemBilan, my plan is to try out 5.3.5, the reason why I used 5.3.2 is because this was a previous working version for us. This is not a public project so I cannot share any source code, but I posted the config in the main post, then I am using this config with FTPOutboundGateway and command, which I use is “mget”, then the expression is “payload”. If you want I can setup later today or tomorrow a simole project to mirror my usecase, if it’d help you. – Kristian Dienes Feb 09 '21 at 13:34
That would be great! I don’t think that we need so complex scenario to reproduce as MGET, but I’d like to narrow change scope to figure out what we have broken – Artem Bilan Feb 09 '21 at 13:52
Unfortunately I don't see any changes in the SI-FTP module to confirm a regression for FTPS: https://github.com/spring-projects/spring-integration/commits/v5.4.3/spring-integration-ftp – Artem Bilan Feb 09 '21 at 14:54
@ArtemBilan is it possible, that there is some config on ftp server, which can cause that it is working only with older version of the module ? – Kristian Dienes Feb 09 '21 at 17:03
I don’t think so, but you can try somehow to trace requests to see a difference – Artem Bilan Feb 09 '21 at 17:15

Spring Integration DefaultFtpsSessionFactory

2 Answers2