Issue

After an upgrade from Semarchy xDI 2023.1.x LTS (Java 11) to any version after 2024.1.x, a previously working FTPS file transfer began failing with the following error:


425 Unable to build data connection: TLS session of data connection not resumed


This error blocked file transfers in production, even though everything worked correctly before the upgrade.


Cause

Starting with 2024.1.x, xDI requires using Java 17 or Java 21.
Those versions enable TLS 1.3, which introduces key changes in how secure connections are managed.


TLS 1.3 no longer supports session reuse and instead relies on session tickets to resume connections.


However, many FTPS servers still require session reuse to establish the data connection (passive mode). This incompatibility causes the handshake to fail.


Solution

1. Force TLS 1.2

To maintain compatibility with FTPS servers that require session reuse, add the following Java options:

-Djdk.tls.client.protocols=TLSv1.2 
-Djdk.tls.client.enableSessionTicketExtension=false

2. Where to set these options?

In your runtime’s initVariables file, locate the XDI_RUNTIME_VM_PROPERTIES variable and add the options to it:

XDI_RUNTIME_VM_PROPERTIES="-Djdk.tls.client.protocols=TLSv1.2 -Djdk.tls.client.enableSessionTicketExtension=false"

Afterward, restart the runtime for the changes to take effect.
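
To confirm the setting before restarting, the following added example (not part of the original article or of Semarchy's tooling) checks an initVariables-style file for both options. It assumes shell-style NAME="value" assignments; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Semarchy code). Assumes initVariables uses shell-style
# NAME="value" assignments; the sample files below are constructed.

# Print the value of the last uncommented XDI_RUNTIME_VM_PROPERTIES assignment
# (a later assignment in the file replaces an earlier one).
effective_vm_properties() {
    sed -n -E 's/^[[:space:]]*(export[[:space:]]+)?XDI_RUNTIME_VM_PROPERTIES=//p' "$1" |
        tail -n 1 | sed -E 's/^"//; s/"[[:space:]]*$//'
}

# Return 0 only if both options from the article are present with its values;
# otherwise report each problem on stderr and return 1.
check_ftps_tls_opts() {
    props=$(effective_vm_properties "$1")
    rc=0
    for want in "-Djdk.tls.client.protocols=TLSv1.2" \
                "-Djdk.tls.client.enableSessionTicketExtension=false"; do
        key="${want%%=*}="
        # Last token starting with the key (prefix match, no globbing).
        found=$(printf '%s\n' "$props" | awk -v k="$key" \
            '{ for (i = 1; i <= NF; i++) if (index($i, k) == 1) f = $i } END { print f }')
        if [ -z "$found" ]; then
            echo "missing: $want" >&2; rc=1
        elif [ "$found" != "$want" ]; then
            echo "unexpected: $found (article uses $want)" >&2; rc=1
        fi
    done
    return "$rc"
}

sample_dir=$(mktemp -d)
# Constructed: options appended to an existing property.
cat > "$sample_dir/good" <<'EOF'
XDI_RUNTIME_VM_PROPERTIES="-Dfile.encoding=UTF-8 -Djdk.tls.client.protocols=TLSv1.2 -Djdk.tls.client.enableSessionTicketExtension=false"
EOF
# Constructed: a later assignment silently drops the fix.
cat > "$sample_dir/overridden" <<'EOF'
XDI_RUNTIME_VM_PROPERTIES="-Djdk.tls.client.protocols=TLSv1.2 -Djdk.tls.client.enableSessionTicketExtension=false"
# XDI_RUNTIME_VM_PROPERTIES="-Dcommented.out=true"
export XDI_RUNTIME_VM_PROPERTIES="-Dfile.encoding=UTF-8 -Djdk.tls.client.protocols=TLSv1.3,TLSv1.2"
EOF
check_ftps_tls_opts "$sample_dir/good" && echo "good: both options set"
check_ftps_tls_opts "$sample_dir/overridden" || echo "overridden: fix not in effect"
```

Both options are JVM-wide system properties, so they change the default for every TLS client connection the runtime opens, not only the FTPS transfer.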


After applying these settings and restarting the runtime, the FTPS file transfer worked correctly again, confirming that the issue was related to the TLS 1.3 handshake behavior.