Cannot connect to FTP over TLS

Bugs and issues.
Post Reply
Message
Author
irisee
Posts: 1
Joined: 05.10.2021, 12:30

Cannot connect to FTP over TLS

#1 Post by irisee » 05.10.2021, 16:53

Issue description:
Cannot connect to FTP over SSL/TLS.
Steps to reproduce the issue:
  1. Set FTP with TLS - Settings:
    • FTP with explicit TLS error
    • Type: Autodetect
    • TLS/SSL: Explicit; TLS; Use secured chanel enabled
    • Use pasive mode for transfer enabled
    • Transfer mode: Stream
    • Throuhput upper limit: 0
    • Batch size: 8192
  2. Connect to FTP
  3. Error:

    Code: Select all

    ==== Connect: 05.10.2021 16:51:56 ====
    220 Microsoft FTP Service
    234 AUTH command ok. Expecting TLS Negotiation.
    331 Password required
    230 User logged in.
    211-Extended features supported:
     LANG EN*
     UTF8
     AUTH TLS;TLS-C;SSL;TLS-P;
     PBSZ
     PROT C;P;
     CCC
     HOST
     SIZE
     MDTM
     REST STREAM
    211 END
    215 Windows_NT
    211-Extended features supported:
     LANG EN*
     UTF8
     AUTH TLS;TLS-C;SSL;TLS-P;
     PBSZ
     PROT C;P;
     CCC
     HOST
     SIZE
     MDTM
     REST STREAM
    211 END
    257 "/" is current directory.
    200 Mode S ok.
    200 STRU F ok.
    200 Type set to I.
    200 PBSZ command successful.
    200 PROT command successful.
    227 Entering Passive Mode (195,113,207,180,219,168).
    125 Data connection already open; Transfer starting.
    226 Transfer complete.
    FtpDirectoryListingOfCurrentDir(): (-6) The connection to the server is not active - /
    221 Goodbye.
What's the expected result?
Connect to a server using TLS.
Additional details:
OS: Windows 10 64-bit 21H1
FreeCommander XE: FreeCommander XE 2021 Build 840 32-bit public

I can connect to FTP server with Filezilla or WinSCP.

daniel_fendek
Posts: 4
Joined: 16.02.2022, 11:07

Re: Cannot connect to FTP over TLS

#2 Post by daniel_fendek » 21.02.2022, 09:02

I have the same problem.

daniel_fendek
Posts: 4
Joined: 16.02.2022, 11:07

Re: Cannot connect to FTP over TLS

#3 Post by daniel_fendek » 21.02.2022, 09:55

this is what I have found:
https://forum.filezilla-project.org/vie ... hp?t=36903
It appears your client does not support TLS session resumption. Please contact your client vendor so that TLS session resumption can be implemented in your client.

Not requiring session resumption allows session stealing attacks. The problem with FTP is that the data connection does not authenticate the client: Imagine you a want to upload a new version of your website. To initiate the transfer your client sends the PASV command followed by the STOR command. The server opens a port and waits for the client to connect to it and upload the file. Now an attacker comes along and figures out the port the server listens on. He connects to the port before you can and uploads a piece of malware to your website.

TLS session resumption prevents this, it acts as a form of authentication. If the TLS session of the data connection matches the session of the control connection, both the client and the server have the guarantee that the data connection is genuine. Any mismatch in sessions indicates a potential attack.
Top
could you add support for TLS session resumption please?

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests