FileZilla Forums

Checking this option does nothing. It asks the same question next time you connect regardless. The server in question is on my lan as you can see.

Do I need to delete and re-add the sever? Is it a bug?

It's a bug.

Probably for the better though, the more annoying plaintext FTP becomes, the faster people switch to FTP over TLS.

Is it going to be fixed?

Like i say it's on my lan, it not externally facing anywhere.

Maybe it could be an undocumented feature requiring a manual edit of the xml file.

Even though the server is in your LAN, there's no reason not to enable TLS on it.

It's a PVR. I can't enable TLS on it.

@botg: I'm with the users, here. There are simply cases where FTP over TLS cannot be enabled, even if desired. Not only in case of embedded things on read-only media, but also in the case of too weak hardware. TLS needs resources (CPU time and memory for encryption) and would slow down such devices (like PVR etc.) to a crawl.

I know that you are planning to do away with plain FTP, altogether, however, there should be exceptions (with warning):

1. LAN-only servers, to cover local embedded devices. Connection over public nets should be disallowed, OTOH.
2. Anonymous connections to public servers, to cover simple file downloads from public drop-off servers. Uploads and non-anonymous connections should be blocked, for the sake of security.

flagpole wrote:Is it going to be fixed?

"Going to" only if you travel back in time. It was already fixed in the repository on the 5th of July.

flagpole wrote:It's a PVR. I can't enable TLS on it.

What date has the vendor agreed upon by with it will release a firmware update adding TLS support?

boco wrote:in the case of too weak hardware.

You buy new hardware.

boco wrote:TLS needs resources (CPU time and memory for encryption)

Just a few KB of memory. And modern CPUs all have hardware acceleration for AES, even in the embedded world.

You know the problem here. Lack of empathy. You can not imagine that anyone else's use case is differnt from yours.

What will happen if you disable support for legacy protcols? People will continue to use the old version which you will not be able to patch.

This reminds me of when you refused for years to to add any kind of encryption to the passwords stored in filezilla.

As for when the manufacturer plans to add support for TLS, they don't which I suspect you knew. You were making rhetorical point, the nature of which escapes me.

My whole point is this: Don't be lazy, don't be cheap. Get hard- and software that is secure and configure it accordingly.

Obviously, we don't live in the same worlds.

Are you forced by law to use outdated hard- or software?

No, just by wallet.