FZ not remembering 'insecure connection' choice...

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
johnny_canuck
503 Bad sequence of commands
Posts: 18
Joined: 2019-12-29 17:34

FZ not remembering 'insecure connection' choice...

#1 Post by johnny_canuck » 2021-05-16 20:57

With FZ 3.54.x, certain connections pop up a 'warning' message that'This server does not support TLS session resumption...'. At the bottom of the window, there is a check-box for 'Always allow insecure data connections for this server in future sessions'.

Fine, except the check-box doesn't seem to 'stick'. If I connect to a site that causes the warning, check the box, and then reconnect to the site, the warning pops up again. So despite checking the box to allow connections to the site, the warning keeps popping up...

Minor bug?

User avatar
botg
Site Admin
Posts: 33523
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: FZ not remembering 'insecure connection' choice...

#2 Post by botg » 2021-05-17 08:14

Cannot reproduce.

Could it be intermittent, with the server only occasionally supporting session resumption?

johnny_canuck
503 Bad sequence of commands
Posts: 18
Joined: 2019-12-29 17:34

Re: FZ not remembering 'insecure connection' choice...

#3 Post by johnny_canuck » 2021-05-17 10:51

No, I don't believe so. It happens *every* time I try the newest FZ, and 2 different servers. I even tried a full uninstall (using IObit's uninstaller, which also wipes out registry entries), followed by a re-install, and problem persists.

User avatar
botg
Site Admin
Posts: 33523
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: FZ not remembering 'insecure connection' choice...

#4 Post by botg » 2021-05-17 11:59

Which FTP server software (product and version) are you using?

johnny_canuck
503 Bad sequence of commands
Posts: 18
Joined: 2019-12-29 17:34

Re: FZ not remembering 'insecure connection' choice...

#5 Post by johnny_canuck » 2021-05-17 12:08

Doesn't apply -- its not *my* server/software, but various commercial cloud servers.

User avatar
botg
Site Admin
Posts: 33523
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: FZ not remembering 'insecure connection' choice...

#6 Post by botg » 2021-05-17 13:08

No problem. Which FTP server software (product and version) is running on the commercial cloud server? Asks your cloud server administrator or cloud server hosting provider for further information.

johnny_canuck
503 Bad sequence of commands
Posts: 18
Joined: 2019-12-29 17:34

Re: FZ not remembering 'insecure connection' choice...

#7 Post by johnny_canuck » 2021-05-18 19:25

Different problem -- first attempt with commercial cloud types (to paraphrase) - 'We can't release that information -- security'. Just like it isn't always possible to determine what web server is running on many/most websites (in fact, that is the case with the website I run off my server(s) -- I implemented a variety of things to make it difficult at best to tell by the usual simple tricks). At most you could tell nginx, or apache (or something else...).

At any rate, you might have alternative ways to get the information. One of the 'problem' servers is hosted by box.com. Simply create a temp, trial account on box.com, point latest FZ at it, and see what happens.

In the meantime, I rolled back to FZ 3.52.2, which doesn't pop up anything I don't want to pop up.

User avatar
botg
Site Admin
Posts: 33523
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: FZ not remembering 'insecure connection' choice...

#8 Post by botg » 2021-05-19 00:18

"'We can't release that information -- security" Classic case of security by obscurity. Have they never heard of Kerckhoffs's principle?

Given enough eyeballs, all bugs are shallow. But if I can't look at the problem, due to not knowing what the server software is, my eyeballs will just float there and cannot see anything at all.


In a case of open source software vs blackbox, the burden of proof is always on the side of the blackbox vendor.

johnny_canuck
503 Bad sequence of commands
Posts: 18
Joined: 2019-12-29 17:34

Re: FZ not remembering 'insecure connection' choice...

#9 Post by johnny_canuck » 2021-05-19 00:26

Fair enough. I would still submit that the inability of FZ to have an option 'stick' is a bug on the FZ end. Irrespective of what the server software is -- the option 'don't warn me' simply doesn't work. The option should completely turn off the warning, no matter what the server side is presenting.

In the meantime, I'll stay with 3.52.2, which works fine, and has a stable feature set I'm unlikely to need to move beyond in the forseeable future.

User avatar
botg
Site Admin
Posts: 33523
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: FZ not remembering 'insecure connection' choice...

#10 Post by botg » 2021-05-19 07:49

The option does stick. It however gets cleared automatically if the server starts to support session resumption. This is a security measure.

Don't use outdated software, it puts you at great risk to have your data stolen.

User avatar
boco
Contributor
Posts: 25547
Joined: 2006-05-01 03:28
Location: Germany

Re: FZ not remembering 'insecure connection' choice...

#11 Post by boco » 2021-05-19 12:52

Could be load balancing or a similar CDN. Clients are redirected to different mirrors depending on load. Some of them are "good" and some "bad". A "bad" server will cause the prompt to appear. After having been acknowledged, one of the next connections to a "good" server clears the flag again and the dialog reappears. Such a mixed bag of servers can be a real mess.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

Post Reply