This morning, after updating the FZ client to the last version 3.45.1, I discovered that I can't retrieve directory listings against my own FTP server using explicit FTP over TLS anymore:
Code: Select all
Command: PASV
Response: 227 Entering Passive Mode (xx,xx,xx,xx,178,177).
Command: MLSD
Response: 150 Opening BINARY mode data connection for MLSD
Response: 425 Unable to build data connection: Operation not permitted
FZ 3.42.1 --> doesn't work either
FZ 3.35.1 --> works great!
I found this entry in the tls.log in the server:
Code: Select all
2019-10-08 20:07:39,831 mod_tls/2.6[18257]: TLS/TLS-C requested, starting TLS handshake
2019-10-08 20:07:39,961 mod_tls/2.6[18257]: TLSv1.3 renegotiation accepted, using cipher TLS_AES_256_GCM_SHA384 (256 bits)
2019-10-08 20:07:39,961 mod_tls/2.6[18257]: TLSv1.3 renegotiation accepted, using cipher TLS_AES_256_GCM_SHA384 (256 bits)
2019-10-08 20:07:39,961 mod_tls/2.6[18257]: TLSv1.3 connection accepted, using cipher TLS_AES_256_GCM_SHA384 (256 bits)
2019-10-08 20:07:40,212 mod_tls/2.6[18257]: Protection set to Private
2019-10-08 20:07:40,524 mod_tls/2.6[18257]: starting TLS negotiation on data connection
2019-10-08 20:07:40,592 mod_tls/2.6[18257]: TLSv1.3 renegotiation accepted, using cipher TLS_AES_256_GCM_SHA384 (256 bits)
2019-10-08 20:07:40,592 mod_tls/2.6[18257]: client reused SSL session for data connection
2019-10-08 20:07:40,592 mod_tls/2.6[18257]: Client did not reuse SSL session from control channel, rejecting data connection (see the NoSessionReuseRequired TLSOptions parameter)
2019-10-08 20:07:40,592 mod_tls/2.6[18257]: unable to open data connection: TLS negotiation failed
If I include the "NoSessionReuseRequired" TLSOption in the server, everything works... with the unwanted (un)security side effect...
I can provide detailed logs/access if required.
Configurations:
FTP Server
--------------
ProFTPD Version 1.3.5e (fully updated)
FileZilla Client
----------------
Version: 3.42.1
Build information:
Compiled for: x86_64-apple-darwin18.5.0
Compiled on: x86_64-apple-darwin18.5.0
Build date: 2019-05-08
Compiled with: Apple LLVM version 10.0.1 (clang-1001.0.46.4)
Compiler flags: -Werror=partial-availability -Wall -g -std=c++14
Linked against:
wxWidgets: 3.0.5
SQLite: 3.26.0
GnuTLS: 3.6.7
Operating system:
Name: Mac OS X (Darwin 18.7.0 x86_64)
Version: 10.14
CPU features: sse sse2 sse3 ssse3 sse4.1 sse4.2 avx avx2 aes pclmulqdq rdrnd bmi2 bmi2 lm
Settings dir: /Users/xxx/.config/filezilla/
FileZilla Client
----------------
Version: 3.45.1
Build information:
Compiled for: x86_64-apple-darwin18.7.0
Compiled on: x86_64-apple-darwin18.7.0
Build date: 2019-09-25
Compiled with: Apple LLVM version 10.0.1 (clang-1001.0.46.4)
Compiler flags: -Werror=partial-availability -Wall -g
Linked against:
wxWidgets: 3.0.5
SQLite: 3.26.0
GnuTLS: 3.6.7
Operating system:
Name: Mac OS X (Darwin 18.7.0 x86_64)
Version: 10.14
CPU features: sse sse2 sse3 ssse3 sse4.1 sse4.2 avx avx2 aes pclmulqdq rdrnd bmi2 bmi2 lm
Settings dir: /Users/xxx/.config/filezilla/