none
Enable TLS session reuse to server without RFC7627 RRS feed

  • Question

  • At Windows Update of 2019/10, RFC7627 Extended Master Secret was enabled. My ftp client fails to connect to old ftp server. Of course, ftp server should be updated. But I want to know client side workaround.

    I tried the registry HKLM\System\CurrentControlSet\Control\SecurityProviders\Schannel, DisableClientExtendedMasterSecret=1, but it does not work properly.

    Please tell me workaround of registry or schannel code.

    I don't want to disable RFC7627. I want to enable TLS session reuse (RFC5077 TLS Session Resumption) agenist tls server that do not support RFC7627 EMS.
    • Edited by 佐祐理 Tuesday, November 19, 2019 7:50 PM
    Saturday, November 16, 2019 3:01 AM

All replies

  • Hi,

    Thanks for posting here.

    In the link you posted, under the column: Advanced information for administrators

    • Enable support for Extend Master Secret (EMS) extensions when performing TLS connections on both the client and the server operating system. 
    • For operating systems that do not support EMS, remove the TLS_DHE_* cipher suites from the cipher suite list in the OS of the TLS client device. For instructions on how to do this on Windows, see Prioritizing Schannel Cipher Suites.

    Best Regards,

    Drake


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, November 19, 2019 1:36 AM
    Moderator
  • Sorry, this steps does not enable tls session reuse.
    Tuesday, November 19, 2019 7:52 PM
  • If the question is about enable TLS session reuse and may not be related to desktop development, you could get a better support by asking on the IIS forum(which supports FTP issues).

    https://forums.iis.net/

    Best Regards,

    Drake


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, November 20, 2019 2:58 AM
    Moderator