450 TLS session of data connection has not resumed... - WeOnlyDo Discussion board

450 TLS session of data connection has not resumed... (wodFtpDLX / wodFtpDLX.NET)

by isoarthenland, Tuesday, July 26, 2016, 22:38 (486 days ago)

I'm trying to connect to the current version of the FileZilla server using WeOnlyDo.Client.Protocols.FTPSwithdata

The control connection appears to be connected OK to the server, however when I try to send the file, the following happens:

1. The file is created on the server with 0 bytes.
2. The following message is thrown:

450 TLS session of data connection has not resumed or the session does not match the control connection

On the FileZilla server, if I uncheck the "Require TLS session resumption on data connection when using PROT P" option, the transfer is performed successfully.

Am I correct in assuming that the server wants a new connection for the data, and if so, what needs to be done on the FtpDLX side?

I am using FtpDLX.NET version 1.8.1.237

Thanks!

Russ

450 TLS session of data connection has not resumed...

by Jasmine, Wednesday, July 27, 2016, 17:05 (485 days ago) @ isoarthenland

Hi Russ.

Different servers handle DATA connection (which is separate) differently, and we didn't have reports of FileZilla servers rejecting file transfers with this error yet.

But we will check it out to see if we can force session reuse for DATA connection and get back to you.

Jasmine.

450 TLS session of data connection has not resumed...

by isoarthenland, Wednesday, July 27, 2016, 17:11 (485 days ago) @ Jasmine

Thank you Jasmine,

FYI, here are the FileZilla server (0.9.57 beta) settings:

General Settings:
Listen on these ports: 21

FTP over TLS Settings:

Enable FTP over TLS support (FTPS) ---- checked

A certificate was created and is in use.

Allow explicit FTP over TLS ---- checked
Listen for implicit FTP over TLS port: 990
Force PROT P to encrypt file transfers when using FTP over TLS ---- checked
Require TLS session resumption on data connection when using PROT P ---- checked

450 TLS session of data connection has not resumed...

by Jasmine, Wednesday, July 27, 2016, 17:13 (485 days ago) @ isoarthenland

Hi Russ,

I'm just a little worried about this 'require session reuse'. Do you have a special reason why you require it? I mean, we can enable it, but then DATA may be dropping for other servers that don't require it.

Jasmine.

450 TLS session of data connection has not resumed...

by isoarthenland, Wednesday, July 27, 2016, 17:21 (485 days ago) @ Jasmine

Actually...we are a company with many customers that use our service to scrape data. They can then "publish" that data to their FTP servers. Last week a customer complained that they were unable to receive data on their FileZilla FTP server from our application.

I subsequently upgraded our FtpDLX.NET to the most recent version and installed a FileZilla server for internal testing of changes we are making and it was during the internal testing that I came across this issue.

Before you do anything else, let me check with the customer to see if they need that setting checked.

Thanks,

Russ

450 TLS session of data connection has not resumed...

by isoarthenland, Wednesday, July 27, 2016, 19:03 (485 days ago) @ isoarthenland
edited by isoarthenland, Wednesday, July 27, 2016, 19:09

Here's the reply from our customer:


"I'm unsure of why your server is unable to resume connection in TLS, but this is a known vulnerability."

When the customer says "why your server" in the above quote, they are referring to our application that is attempting to send them data using FtpDLX.


Archived here.

https://filezilla-project.org/misc/ftps_connection_stealing_exploit.cpp
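
The server option discussed in this thread expects the client to resume the control connection's TLS session when it opens the PROT P data connection. As an added example (not part of the thread and not wodFtpDLX.NET code), this is how a client built on Python's standard `ftplib` can do that; the names `SessionReuseFTP_TLS` and `upload` are made up for illustration, and the host, credentials and file name are caller-supplied placeholders.

```python
import ftplib
import io


class SessionReuseFTP_TLS(ftplib.FTP_TLS):
    """ftplib.FTP_TLS variant that resumes the control connection's TLS
    session on every protected (PROT P) data connection."""

    def ntransfercmd(self, cmd, rest=None):
        # Let the plain FTP base class negotiate PASV/PORT and open the
        # raw data socket; FTP_TLS would wrap it without passing a session.
        conn, size = ftplib.FTP.ntransfercmd(self, cmd, rest)
        if self._prot_p:
            # self.sock is the TLS-wrapped control socket; handing over its
            # session asks the TLS layer to resume it on the data socket.
            conn = self.context.wrap_socket(
                conn,
                server_hostname=self.host,
                session=self.sock.session,
            )
        return conn, size


def upload(host, user, password, remote_name, payload):
    """Upload bytes over explicit FTPS; return (ok, server_reply)."""
    ftps = SessionReuseFTP_TLS()
    try:
        ftps.connect(host, 21)
        ftps.login(user, password)   # FTP_TLS.login() issues AUTH TLS first
        ftps.prot_p()                # PBSZ 0 + PROT P: encrypt data channel
        reply = ftps.storbinary("STOR " + remote_name, io.BytesIO(payload))
        return True, reply
    except ftplib.error_temp as exc:
        # 4xx replies land here, including the 450 from this thread when
        # the server does not see a resumed session on the data channel.
        return False, str(exc)
    finally:
        ftps.close()
```
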