TLS session resumption on data connection failed. Closing control connection to start over.

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Message
Author
User avatar
botg
Site Admin
Posts: 35507
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: TLS session resumption on data connection failed. Closing control connection to start over.

#16 Post by botg » 2021-10-15 10:04

TLS session resumption is required on the data connection to prevent data connection stealing attacks. Both the client and the server need to verify that resumption is used to ensure data connections aren't stolen.

A client that doesn't verify if resumption is used, won't complain if resumption isn't used and allows data connections to be stolen.
Likewise, a server that doesn't verify if resumption is used, won't complain if resumption isn't used and allows data connections to be stolen.
The important thing is, just having one end verify resumption usage is not enough.

Secure:
* Both server and client supporting resumption, and verifying resumption is used.

Insecure, in some cases diagnostic error messages can be shown:
* Client verifying resumption, server not supporting resumption
* Server verifying resumption, client not supporting resumption
* Client verifying resumption, server supporting, but not verifying resumption
* Server verifying resumption, client supporting, but not verifying resumption

Insecure, no error indication at all:
* Both client and server don't care about resumption. Doesn't matter if they support it or not.

sincro
500 Command not understood
Posts: 3
Joined: 2021-10-14 13:21
First name: Fabrizio
Last name: Galanti

Re: TLS session resumption on data connection failed. Closing control connection to start over.

#17 Post by sincro » 2021-10-15 10:25

Ok thanks now it's clear. Check with the manufacturer of Serv-U.

anonhuman
500 Syntax error
Posts: 12
Joined: 2019-05-20 17:05

Re: TLS session resumption on data connection failed. Closing control connection to start over.

#18 Post by anonhuman » 2021-11-04 22:13

Ok, so how do you fix this when using VSFTPD?

I'm running into this issue. Half of my files transferred successfully, but the rest failed:
Error: TLS session resumption on data connection failed. Closing control connection to start over.
Error: File transfer failed
Is there an option in FileZilla client to turn this option / check off so that I can complete my FTP transfers? This is rather annoying for those of us running older Linux servers where the FTP server software may not be easy to upgrade or modify...

User avatar
botg
Site Admin
Posts: 35507
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: TLS session resumption on data connection failed. Closing control connection to start over.

#19 Post by botg » 2021-11-05 09:18

Which version of vsftpd are you using?

Freeze
500 Command not understood
Posts: 2
Joined: 2021-11-05 14:18

Re: TLS session resumption on data connection failed. Closing control connection to start over.

#20 Post by Freeze » 2021-11-05 14:22

For all who have no chance to get the server working correctly: At least I found the solution how you can get rid of this problem by changing the source code.
In the file /ftp/transfersocket.cpp comment out line 387 ("auto const cap = CServerCapabilities...") and add directly below a new line with "auto const cap = no;"
Last edited by botg on 2021-11-05 20:13, edited 2 times in total.
Reason: Made the really bad advice less obvious. Zoom if you dare.

User avatar
botg
Site Admin
Posts: 35507
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: TLS session resumption on data connection failed. Closing control connection to start over.

#21 Post by botg » 2021-11-05 20:09

Congratulations, you have just created your first security vulnerability.

Please don't mess with security-critical code if you don't understand the impact of your changes.

Freeze
500 Command not understood
Posts: 2
Joined: 2021-11-05 14:18

Re: TLS session resumption on data connection failed. Closing control connection to start over.

#22 Post by Freeze » 2021-11-06 07:04

I totally understand.
If you don't want to have this in the forum, feel free to delete my posts.
But in my case I have no problem with this vulnerability and so may others.

stonecutter357
500 Command not understood
Posts: 1
Joined: 2021-11-06 19:03
First name: Fred
Last name: Broecker

Re: TLS session resumption on data connection failed. Closing control connection to start over.

#23 Post by stonecutter357 » 2021-11-06 19:22

I had a client contact me that he was unable to connect to my ftp server (Serv-U FTP) and he had recently upgraded to the latest version of Filezilla client. I ran a test myself and was able to connect but I ignored the prompt to upgrade to the latest version. He tried a different ftp client and was able to connect but then I upgraded my version of Filezilla client & found that now I couldn't connect either.
Is there a means for rolling back Filezilla to our previous versions? I wasn't able to find a repository for downloading previous versions.

Our ftp server log shows that our server didn't reject the connection but that the client (Filezilla) aborted the connection prior to sending the Login authentication.
This is a screenshot of the error messages we're getting when trying to connect....
filezilla-error.png
filezilla-error.png (26.98 KiB) Viewed 5554 times
So if I could go back to my previous version until this bug is resolved it would be greatly appreciated. Is there a way that I can d/l an earlier version? If not then I'll need to find an alternative product to use.

Thanks.

User avatar
boco
Contributor
Posts: 26910
Joined: 2006-05-01 03:28
Location: Germany

Re: TLS session resumption on data connection failed. Closing control connection to start over.

#24 Post by boco » 2021-11-06 20:50

What bug are you speaking about?

FileZilla, in its default configuration, now requires the FTP server to support at least TLS 1.2.

- Does your FTP server support TSL 1.2 or higher?
- If yes, is that feature enabled in the server configuration?
- If no, why not? TLS 1.2 is more than a decade old.

And, while you still are at testing, FileZilla has an option in the settings to allow a minimum version of TLS 1.1 or even 1.0. Does it connect with this setting set to 1.1/1.0?

We had a similar discussion not long ago, about the FTP Voyager client which is also from Rhinosoft/Solarwinds. That client only supports TLS 1.0 max, so, I fear for the worst...
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

anonhuman
500 Syntax error
Posts: 12
Joined: 2019-05-20 17:05

Re: TLS session resumption on data connection failed. Closing control connection to start over.

#25 Post by anonhuman » 2021-11-07 19:43

vsftpd: version 3.0.3

User avatar
boco
Contributor
Posts: 26910
Joined: 2006-05-01 03:28
Location: Germany

Re: TLS session resumption on data connection failed. Closing control connection to start over.

#26 Post by boco » 2021-11-07 23:03

https://security.appspot.com/vsftpd/Changelog.txt

According to the changelog, the change to support TLS 1.2 as minimum by default has been made after 3.0.3 (i. e. for the 3.0.4 release, now at 3.0.5). So, your vsftps should support TLS 1.2 but it possibly needs to be enabled in the configuration.
changelog after 3.0.3 wrote:- Disable TLS prior to v1.2 by default.
However, I also found this in the changelog for the 3.0.3:
changelog prior to 3.0.3 release wrote:- Kill the FTP session if we see session re-use failure. A report from Tim Kosse <tim.kosse@filezilla-project.org>.
So, session resumption should be implemented (unless your distro uses a mis-versioned custom package). That hints to a possible bug with the FTP server (probably the same I have with mine).
other errors you could experience wrote:- vsftpd-3.0.5 fixes the new ALPN selection, so it works again with the latest FileZilla client.
- vsftpd-3.0.4 is released, 6 years after the previous release! This now builds and runs again on a modern system such as Fedora 33 -- a few things had broken over the years. A few SSL modernizations have been applied, such as requiring TLSv1.2+ by default, supporting ALPN, and optionally supporting an SNI check. See the Changelog and vsftpd FAQ (frequently asked questions) for a list of common questions!
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

Lektor
500 Command not understood
Posts: 1
Joined: 2021-11-09 13:07
First name: Peter

Re: TLS session resumption on data connection failed. Closing control connection to start over.

#27 Post by Lektor » 2021-11-09 13:14

I got same problem
Filezilla 3.56.2
Win 10
Clipboard02.png
Clipboard02.png (21.01 KiB) Viewed 5462 times

User avatar
botg
Site Admin
Posts: 35507
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: TLS session resumption on data connection failed. Closing control connection to start over.

#28 Post by botg » 2021-11-09 19:30

@Lektor: This thread is about failure of TLS session resumption on the data connection. There's no mention of session resumption on your screenshot, hence it is a completely different issue. Please don't hijack threads with different topics.

deanchalk
500 Command not understood
Posts: 1
Joined: 2021-11-14 13:23
First name: Dean
Last name: Chalk

Re: TLS session resumption on data connection failed. Closing control connection to start over.

#29 Post by deanchalk » 2021-11-14 13:33

Can you tell us when this issue is being resolved ???
It's not acceptable to 'blame' the FTP server for not being 'good enough' for the current version of filezilla
I have paid for filezilla pro, and use it to access a number of educational and academical ftp servers - which are always out of date one way or another
I don't care one tiny bit how good/secure/advanced etc etc these servers are, I just want my data - secure or unsecure or whatever. Criminal materminds are NOT interested in hacking the data I need.

Fortunately, I have found an old version of filezilla that works correctly, and have downgraded to that one.

Make sure this is fixed pronto.
I am myself a very experienced software developer, and if I released software that could no longer be used by a big chunk of my company's client base I would be fired - and rightly so

Get on with it or refund my pro licence, so I can find a proper FTP client

User avatar
botg
Site Admin
Posts: 35507
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: TLS session resumption on data connection failed. Closing control connection to start over.

#30 Post by botg » 2021-11-15 09:17

I don't care one tiny bit how good/secure/advanced etc etc these servers are, I just want my data - secure or unsecure or whatever. Criminal materminds are NOT interested in hacking the data I need.
Be explicit about your choice and select plain insecure FTP in the Site Manager. If you don't say you want to be insecure, FileZilla will do everything it can to keep the connection secure.

Post Reply