Warning: '...server does not support tls session resumption...'

milkman
500 Command not understood
Posts: 3
Joined: 2024-04-15 14:01

Warning: '...server does not support tls session resumption...'

#1 Post by milkman » 2024-04-15 14:55

Hi,

I'm testing a new hosting provider. When I set up an FTPS connection as suggested by the provider, I'm getting the following warning from FileZilla:

____________________________
This server does not support tls session resumption on the data connection. TLS session resumption on the data connection is an important security feature to protect against data connection stealing attacks
If you continue, transferred files may be intercepted or their contents replaced by an attacker.
Server: xxx.example.com
Port: 21
[Checkbox] -> Always allow insecure data connections for this server in future sessions.
____________________________

In my FileZilla (version 3.66.5) configuration I have set up the following:
Protocol: FTP - File Transfer Protocol
Host: xxx.example.com
Encryption: Require explicit FTP over TLS


I have contacted the hosting provider and they told me that the warning just says that the server does not support 'tls session resumption' but that the connection is still encrypted.
I have also looked up some information for 'tls session resumption' and here's what I found:
"If TLS session resumption is not active, it doesn't mean that your FTP connection is not secured at all. It simply means that the server is not reusing previously established TLS sessions to resume connections, which can impact performance but doesn't necessarily indicate a lack of security."


So what to do about the warning that FileZilla is giving me? The hosting provider is telling me that it can be ignored because the connection is encrypted and if I want SFTP instead of FTPS I can upgrade to another package where SFTP is included. But I think FTPS should do the job too. Or am I wrong?

Is the FileZilla warning - '...If you continue, transferred files may be intercepted or their contents replaced by an attacker.' - a bit imprecise and too harsh? Or is this a valid statement regarding 'tls session resumption'? The statement of the hosting provider is reliable imho, given the information I read about 'tls session resumption'.

Has anyone a take on that?

botg
Site Admin
Posts: 35575
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Warning: '...server does not support tls session resumption...'

#2 Post by botg » 2024-04-15 15:50

TLS session resumption is vital for the security of the data connection. Without session resumption, the data connection is entirely unauthenticated, meaning that an attacker can intercept your transfers, either reading your files as you download them from the server, or replacing whatever you want to upload with attacker-chosen files.

botg
Site Admin
Posts: 35575
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Warning: '...server does not support tls session resumption...'

#3 Post by botg » 2024-04-15 16:04

Encryption and integrity protection on its own does not provide security. Encryption must always be combined with mutual authentication to ensure that both sender and recipient are genuine.

In both control and data connections, the server is authenticated via the signature over the handshake data it creates during the handshake, with the client checking the fingerprint of the public key, either of the signature itself, or delegating it through the certificate chain to a trusted certificate authority, checking recursively that all fingerprints are contained in the respective certificates in the chain.

On the control connection, the client is authenticated via the password.

Now the data connection: Besides the TLS handshake, it's just the contents of the files, no authentication of the client takes place. This of course is a problem.

Here is where session resumption comes into play: By requiring that the data connection resumes the session from an authenticated control connection, the data connection is thus also authenticated. In the context of FTP over TLS, session resumption is even stronger than mere mutual authentication, it even proves that the data connection matches the associated control connection, as without proving this association, an attacker can still swap data connections between two sessions from the same mutually authenticated peers.


Long story short: Use TLS session resumption for the data connection. The year is 2024, there is no reason not to. It's very easy to implement.

milkman
500 Command not understood
Posts: 3
Joined: 2024-04-15 14:01

Re: Warning: '...server does not support tls session resumption...'

#4 Post by milkman » 2024-04-18 09:00

Hi botg,

Thanks a lot for your detailed and great explanation. I’m not an expert. Unfortunately on this hosting that I am testing I can’t activate tls session resumption. The hosting provider is the admin. It is just a hosting package on a shared server storage.

Your explanation makes sense to me. But it’s weird that all of the information I have found online regarding tls session resumption says that it is about performance and not security. I didn’t find any information that says that the FTPS connection is not safe, if tls session resumption is deactivated. But I also have not researched for hours. Are there any articles that you know of, where I can find more information on that?

I think it’s better to go with your explanation and to go with hosting providers that have tls session resumption activated. The problem is that I have just found this out because FileZilla was returning this warning. Other ftp clients like e.g. Cyberduck did not throw back any warning. I am mainly and almost always using FileZilla, so for me it’s ok. I just try out other software from time to time or I use other ftp clients to test things out like in this case.
So other users that think that their FTPS connection is secure are at risk, if tls session resumption is not active and their ftp client is not sending any warning. How is someone supposed to know about this security issue if the hosting provider is not mentioning it in their product details and the software does not give back any warning? Feels a bit like gambling.

I am wondering why this is not a major topic regarding FTPS connections, if an FTPS connection is still insecure when tls session resumption is deactivated.
How can we know if an FTPS connection is secure, if such details like this function can go unnoticed because the software is not returning warnings and the hosting provider is saying that it’s not necessary for security but just for performance?

Also, how to be aware of that detail when no hosting provider is mentioning beforehand whether this function is used or not? I have never seen that detail in the product information of hosting providers. Everyone is just mentioning FTP over TLS (FTPS) or SSH/SFTP. No one informs about having tls session resumption active or not. At least I have not seen it anywhere or I can’t remember. I always thought that a proper FTPS connection is as secure as a SFTP connection.


Thanks again for your explanation! Very much appreciated.

Cheers,
milkman

botg
Site Admin
Posts: 35575
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Warning: '...server does not support tls session resumption...'

#5 Post by botg » 2024-04-18 09:23

> Your explanation makes sense to me. But it’s weird that all of the information I have found online regarding tls session resumption says that it is about performance and not security.

The security aspect is unique to FTP with its separate data connections. If you see articles describing it in terms of performance, they are most definitely about TLS in other contexts, such as with HTTPS.

> The problem is that I have just found this out because FileZilla was returning this warning. Other ftp clients like e.g. Cyberduck did not throw back any warning. I am mainly and almost always using FileZilla, so for me it’s ok. I just try out other software from time to time or I use other ftp clients to test things out like in this case.
> So other users that think that their FTPS connection is secure are at risk, if tls session resumption is not active and their ftp client is not sending any warning. How is someone supposed to know about this security issue if the hosting provider is not mentioning it in their product details and the software does not give back any warning? Feels a bit like gambling.

Yes, that is a problem. Many if not most (I suspect it might even be all) other FTP clients do not warn about the lack of session resumption support.

Then there are of course the FTP servers that, even if they support TLS session resumption, do not require resumption, which again leaves the server vulnerable to data connection stealing attacks. The FileZilla client unfortunately does not detect and warn about such servers.

FileZilla Server at least does require TLS session resumption on the data connection, it is mandatory and cannot be disabled. It cannot be disabled, as disabling it, and leaving it disabled forever, is the first thing users do if they use a client that doesn't support resumption. Unless they are forced to, the bad clients will never get fixed.

> Also, how to be aware of that detail when no hosting provider is mentioning beforehand whether this function is used or not? I have never seen that detail in the product information of hosting providers. Everyone is just mentioning FTP over TLS (FTPS) or SSH/SFTP. No one informs about having tls session resumption active or not. At least I have not seen it anywhere or I can’t remember.

Ultimately it's an implementation detail, why should the hosting provider or the user care? It is the software vendors that should care. Insecure implementations of FTPS should not even exist.

> I always thought that a proper FTPS connection is as secure as a SFTP connection.

It is. Emphasis here should be on proper, for both protocols.
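As an added illustration of the server-side policy botg describes in #3 and #5 (constructed here in Go; this is not FileZilla or FileZilla Server code), the in-process TLS server below treats its first connection as the control connection and accepts the second, "data", connection only if that connection resumed the control connection's TLS session; Trial(true) models a client that resumes like FileZilla, Trial(false) a client that opens a fresh session. It assumes a throwaway self-signed certificate and loopback TCP, so the client skips chain verification purely for the demo.

```go
package main
import (
	"crypto/ecdsa"; "crypto/elliptic"; "crypto/rand"; "crypto/tls"; "crypto/x509"
	"math/big"; "net"; "time"
)

// Throwaway self-signed certificate for the in-process demo server (constructed for this demo).
func selfSignedCert() tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { panic(err) }
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}
// Server policy from the thread: connection 1 is the control connection (fresh handshake); connection 2 is the
// data connection, accepted only if it resumed the control session, which ties it to the same authenticated peer.
func serve(ln net.Listener, accepted chan<- bool) {
	for i := 0; i < 2; i++ {
		c, err := ln.Accept()
		if err != nil { accepted <- false; return }
		tc := c.(*tls.Conn)
		if err := tc.Handshake(); err != nil { accepted <- false; return }
		if i == 0 {
			tc.Write([]byte("220 control connection ready\r\n")) // the session ticket precedes this on the wire
		} else {
			accepted <- tc.ConnectionState().DidResume // the check FileZilla Server makes mandatory
		}
		tc.Close()
	}
}
// Trial reports whether the server accepted the data connection. reuse=true models a client that resumes
// the control session on the data connection (as FileZilla does); reuse=false models one that does not.
func Trial(reuse bool) (bool, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{selfSignedCert()}})
	if err != nil { return false, err }
	defer ln.Close()
	accepted := make(chan bool, 1)
	go serve(ln, accepted)
	cfg := &tls.Config{InsecureSkipVerify: true} // skip verification only because the demo cert is self-signed
	if reuse { cfg.ClientSessionCache = tls.NewLRUClientSessionCache(4) } // nil cache = client never resumes
	ctrl, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	if err != nil { return false, err }
	if _, err := ctrl.Read(make([]byte, 64)); err != nil { return false, err } // reading the greeting stores the ticket
	ctrl.Close()
	data, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	if err != nil { return false, err }
	data.Close()
	return <-accepted, nil
}
```

Note that the server alone cannot tell a legitimate fresh data connection from a hijacked one, which is exactly why requiring resumption (rather than merely supporting it) is the part that matters.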

milkman
500 Command not understood
Posts: 3
Joined: 2024-04-15 14:01

Re: Warning: '...server does not support tls session resumption...'

#6 Post by milkman » 2024-04-18 10:02

Thanks botg! You da man!
