TLS session resumption on data connection failed. Closing control connection to start over.

[hornbill]

seems that the issue is resolved (anyway partially) in the latest update (3.57.0)
guess it is related to the fix comment:

Fixed a crash if a HTTPS connection gets canceled during the TLS handshake

instead of getting the "TLS session resumption on data connection failed messages" and no reconnect / failed transfer,
I'm getting disconnection / re-connection messages :

connection timed out after 20 seconds of inactivity
file transfer failed after transferring x bytes in y seconds
connecting to my.server.ip
connection established, waiting for welcome message
initializing TLS...
file transfer successful, transferred x bytes in z seconds.

result: file transferred successfully, and download queue was able to be complete. (with multiple disconnection / re-connection)

some questions:

can anyone approve that this update fixed their problem too?
how this fix related to the "ftp server fault" mentioned earlier in this topic? is this a workaround by filezilla? was it really a server fault at all?
why I'm getting a "transfer failed" message even that the transfer was successful ? (verified with checksum)

Thanks everyone for making such a good program.

[botg]

No, nothing has changed affecting FTP over TLS. Yes, it is a server-side issue.

[nobby6]

Just letting everyone know if running pureftpd, this is corrected in the just-this-past-week released 1.0.51

cheers

[botg]

Hooray!

[Dredlock1]

And, while you still are at testing, FileZilla has an option in the settings to allow a minimum version of TLS 1.1 or even 1.0. Does it connect with this setting set to 1.1/1.0?

We had a similar discussion not long ago, about the FTP Voyager client which is also from Rhinosoft/Solarwinds. That client only supports TLS 1.0 max, so, I fear for the worst...

You know your stuff boco on FTP.

I think it would have saved many people head aches if they just made it backward compatible back to tls 1.0 Maybe not SSL v2-3 why? Filezilla is for cheap skates or companies that don't want to pay to have a FTP updated and reconfigured. Its amazing how many companies used OLD software, ie. Movie Theater companies that maintain the equipment via old year 2001 software the medical field is bad too typically 10 years behind current. I won't go into the reasons but its real.

So if it were me taking over Filezilla going from .96 to 1.xxx I would make sure it worked with tls 1.0. Why? because it was predictable for people to have issues. Sure they are less secure but they is on them and they will come here complaining spending hours installing uninstalling crying screaming that they just want it to work to hell with security. They do not have control over 1,000 people that use the FTP so yea very predictable issues and is why many revert back.

Another free program people use is <unimportant detail> to send files via automated FTP. The old version supported tls 1.0 but not the new version and he cant get the new version to work with the new version of filezilla server. So people are reverting back to his old version due to issues. Seems programming a working (Free) Ftp server and client is not a cake walk.

[botg]

Maybe not SSL v2-3 why?

SSL is just broken. It's no more secure than plain insecure FTP. Plain FTP still exists in FileZilla Server, and by being honest and explicit about its insecurity, there is no opportunity for users to hind behind a veneer of faux security.

the medical field is bad too typically 10 years behind current.

This is terrible. The medical field in particular should be ahead of the curve. It's the medical field for fucks sake, lives are at stake!

Sure they are less secure

Replace "Less secure" with "completely unsecured", the truth is harsh and brutal. Don't sugarcoat complete lack of security as "less secure".

they will come here complaining spending hours installing uninstalling crying screaming that they just want it to work to hell with security.

They have that option. It's called plain insecure FTP. It's the honest option. Care about security? Update continuously as the threat landscape is evolving. Don't care about security? Use plain insecure FTP. Security is binary, there is no middle ground.

So if it were me taking over Filezilla going from .96 to 1.xxx I would make sure it worked with tls 1.0.

TLS 1.1 came out in 2006. TLS 1.2 came out in 2008. FileZilla Server 1.x came out in 2021. Between 2008 and 2021, what have the developers of these other clients that are stuck on TLS 1.0 been doing all this time? Certainly not improving their software.

They do not have control over 1,000 people that use the FTP so yea very predictable issues and is why many revert back.

What stops these people from just hitting the update button? It's just software. Modern replacement to old junk is just a few mouse clicks away.

Another free program people use is <unimportant detail> to send files via automated FTP. The old version supported tls 1.0 but not the new version and he cant get the new version to work with the new version of filezilla server. Seems programming a working (Free) Ftp server and client is not a cake walk.

That sounds like a skill issue. The libraries are all out there, one just has to use them, it's a piece of cake with the right library. Unless of course they want to implement the TLS and networking libraries themselves, in which case you should tell them to "Git Gud" as the kids say. If their developers have have trouble understanding FTP over TLS on a conceptual level, they are free to contact me, I can explain in excruciating detail, citing RFCs all day long, how it works.