1. Home

Product groups

Support

450 TLS session of data connection has not resumed... - WeOnlyDo Discussion board

450 TLS session of data connection has not resumed... (wodFtpDLX / wodFtpDLX.NET)

by isoarthenland, Tuesday, July 26, 2016, 22:38 (2824 days ago)

I'm trying to connect to the current version of the FileZilla server using WeOnlyDo.Client.Protocols.FTPSwithdata

The control connection appears to be connected OK to the server, however when I try to send the file, the following happens:

1. The file is created on the server with 0 bytes.
2. The following message is thrown:

450 TLS session of data connection has not resumed or the session does not match the control connection

On the FileZilla server, if I uncheck the "Require TLS session resumtion on data connection when using PROTP" The transfer is performed successfully.

Am I correct in assuming that the server wants a new connection for the data, and if so, what needs to be done on the FtpDLX side?

I am using FtpDLX.NET version 1.8.1.237

Thanks!

Russ

locked
  10501 views

450 TLS session of data connection has not resumed...

by Jasmine, Wednesday, July 27, 2016, 17:05 (2824 days ago) @ isoarthenland

Hi Russ.

Different servers handle DATA connection (which is separate) differently, and we didn't have reports of FileZilla servers rejecting file transfers with this error yet.

But we will check it out to see if we can force session reuse for DATA connection and get back to you.

Jasmine.

locked
  10384 views

450 TLS session of data connection has not resumed...

by isoarthenland, Wednesday, July 27, 2016, 17:11 (2824 days ago) @ Jasmine

Thank you Jasmine,

FYI here are the FileZilla server ( 0.9.57 beta)settings

General Settings:
Listen on these ports: 21

FTP over TLS Settings:

Enable FTP over TLS support (FTPS) ---- checked

A certificate was created and is in use.

Allow explicit FTP over TLS-----checked
Listen for implicit FTP over TLS port: 990
Force PROT P to encrypt file transfers when using FTP over TLS ----checked
RequireTLS session resumtion on data connection whn using PROT P -----checked

locked
  10429 views

450 TLS session of data connection has not resumed...

by Jasmine, Wednesday, July 27, 2016, 17:13 (2824 days ago) @ isoarthenland

Hi Russ,

I'm just little worried about this 'require session reuse'. Do you have special reason why you require it? I mean, we can enable it, but then DATA may be dropping for other servers that don't require it..

Jasmine.

locked
  10393 views

450 TLS session of data connection has not resumed...

by isoarthenland, Wednesday, July 27, 2016, 17:21 (2824 days ago) @ Jasmine

Actually...we are a company with many customers that use our service to scrape data. They can then "publish" that data to their FTP servers. Last week a customer complained that they were unable to receive data on their FileZilla FTP server from our application.

I subsequently upgraded our FtpDLX.NET to the most recent version and installed a FileZilla server for internal testing of changes we are making and it was during the internal testing that I came across this issue.

Before you do anything else, let me check with the customer to see if they need that setting checked.

Thanks,

Russ

locked
  10384 views

450 TLS session of data connection has not resumed...

by isoarthenland, Wednesday, July 27, 2016, 19:03 (2824 days ago) @ isoarthenland
edited by isoarthenland, Wednesday, July 27, 2016, 19:09

Here's the reply from our customer:


"I'm unsure of why your server is unable to resume connection in TLS, but this is a known vulnerability."

When the customer says "why your server" in the above quote they are referring to our application that is attempting to send them data using FtpDLX


Archived here.

https://filezilla-project.org/misc/ftps_connection_stealing_exploit.cpp

locked
  10414 views

The wodCrypt product is great and we appreciate your effort to add support for UNIX Crypt.

William Ruf
Siemens Information and Communication Networks

Brilliant, even works on the mobile phone...

Conrad Leigh
Leaf Wireless

Thank you very much for the rapid responses. I was a little nervous about dealing with a company that is on a different continent from me. You have proven my concerns to be unfounded.

Robert Pacheco
Surebridge, Inc.

You have been great as far as offering support is concerned and has been extremely responsive to both support requests and suggestions for product enhancements.

David Keenan
Serengeti Systems Incorporated

The SFTP ocx is one of the finest pieces of programming I have seen. It worked out of the box...

Kenneth R. Robinette
InterSoft International

Congratulations on an excellent product and first rate support!

Sander Pool
Rhapsody Networks

Just thought you'd like to know that my gateway app with your SMTP Server component held the line against a DDOS attack today...

Chris Langsenkamp
Clever Technologies

Just thought you'd like to know that my gateway app with your SMTP Server component held the line against a DDOS attack today...

Chris Langsenkamp
Clever Technologies

I've heard that you are amazing with your replies coming back so quickly - and now I've seen the speed in which you reply first hand.

Andrew Narracott
Sun Computer Consultancy

I can only hope I will have the pleasure to work with other products by "We Only Do" in the future.

Tomer Spivak
Verint Systems Ltd