
450 TLS session of data connection has not resumed

Posted: 2015-05-12 02:42
by gemmy
When I am using FireFTP in Firefox 2.0.23 and FileZilla server 0.9.51
and tick "Force PROT P to encrypt..."
and tick "Require TLS session resumption on data connection..."

I got the following message.
(192.168.0.106)> 450 TLS session of data connection has not resumed or the session does not match the control connection

Please help.
thanks

Re: 450 TLS session of data connection has not resumed

Posted: 2015-05-12 07:24
by botg
It appears your client does not support TLS session resumption. Please contact your client vendor so that TLS session resumption can be implemented in your client.

Not requiring session resumption allows session stealing attacks. The problem with FTP is that the data connection does not authenticate the client: Imagine you want to upload a new version of your website. To initiate the transfer, your client sends the PASV command followed by the STOR command. The server opens a port and waits for the client to connect to it and upload the file. Now an attacker comes along and figures out the port the server listens on. He connects to the port before you can and uploads a piece of malware to your website.

TLS session resumption prevents this; it acts as a form of authentication. If the TLS session of the data connection matches the session of the control connection, both the client and the server have the guarantee that the data connection is genuine. Any mismatch in sessions indicates a potential attack.
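
Added example, not part of the thread and not FileZilla code: a client-side sketch using Python's standard `ftplib`, showing what "resuming the control connection's session on the data connection" means in practice. The class name `SessionReuseFTP_TLS`, the `require_resumption` switch and the `open_protected` helper are hypothetical names chosen for this example.

```python
import ftplib
import ssl


class SessionReuseFTP_TLS(ftplib.FTP_TLS):
    """ftplib client whose PROT P data connections resume the control session.

    Class name and the require_resumption switch are hypothetical names
    chosen for this example.
    """

    # When True, refuse a data connection that the server did not resume.
    require_resumption = True

    def ntransfercmd(self, cmd, rest=None):
        # Let the plain FTP base class do PASV/PORT, connect the data socket
        # and send the transfer command; no TLS has been applied to it yet.
        conn, size = ftplib.FTP.ntransfercmd(self, cmd, rest)
        if not self._prot_p:
            return conn, size  # PROT C: data channel is unencrypted

        # Offer the control connection's TLS session in the data handshake.
        # Stock FTP_TLS omits session=, so every data connection is a new
        # session, which a server that requires resumption rejects with 450.
        conn = self.context.wrap_socket(
            conn, server_hostname=self.host, session=self.sock.session
        )
        if self.require_resumption and not conn.session_reused:
            # Server did a full handshake instead: the data channel is not
            # cryptographically tied to the authenticated control channel.
            conn.close()
            raise ssl.SSLError("data connection did not resume control session")
        return conn, size


def open_protected(host, user, passwd):
    """Log in over explicit FTPS and switch the data channel to PROT P."""
    ftp = SessionReuseFTP_TLS(host)  # connects to port 21
    ftp.login(user, passwd)          # FTP_TLS.login() issues AUTH TLS first
    ftp.prot_p()                     # PBSZ 0 + PROT P
    return ftp
```

Setting `require_resumption = False` keeps the session offer but tolerates servers that answer with a full handshake.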

Re: 450 TLS session of data connection has not resumed

Posted: 2015-05-12 16:49
by nasdrvr
I am getting the same error "450 TLS session of data connection has not resumed or the session does not match the control connection" though the client was working on Friday and not working yesterday. Only change was something made the FileZillaServer.exe file disappear so I just downloaded and installed FileZilla server again. Any idea why this would change? Any way I can resolve this? I have had to drop to regular FTP at this time.

Client software is Philips SpeechExec Pro Dictate. They are not terribly helpful and the software has not been changed between Friday and yesterday.

Jason

Re: 450 TLS session of data connection has not resumed

Posted: 2015-05-12 17:50
by botg
The option of requiring session resumption is a new feature of 0.9.51 and defaults to enabled.

Re: 450 TLS session of data connection has not resumed

Posted: 2015-05-12 21:11
by nasdrvr
Can that session resumption be disabled?

Re: 450 TLS session of data connection has not resumed

Posted: 2015-05-12 21:55
by gemmy
nasdrvr wrote:
> Can that session resumption be disabled?

Just un-tick
"Require TLS session resumption on data connection..."

Re: 450 TLS session of data connection has not resumed

Posted: 2015-05-13 04:45
by nasdrvr
That resolved my issue. Thank you very much.

Re: 450 TLS session of data connection has not resumed

Posted: 2015-05-14 18:29
by paule123
Just wanted to chime in and say disabling TLS session resumption solved the problems we've had since upgrading from .49 to .51 last weekend.

Our client's linux/java system was unable to transfer files to us, and our "ftps.exe" ipswitch moveitfreely windows command line scripts were failing.

Re: 450 TLS session of data connection has not resumed

Posted: 2015-05-14 20:10
by boco
Yes, and they need to be fixed.

Re: 450 TLS session of data connection has not resumed

Posted: 2015-06-06 07:36
by 0tt0
Haudi,

I've been having some issues with FTP lately and looked elsewhere first but think this might be it.. but in my case it's FileZilla that needs fixing..?

I have 2 clients that access 2 servers, all are FileZilla /server.

Servers, FileZilla server: (1) 0.9.41 and (2) may be latest version (not mine)
Clients, FileZilla: (1) 3.8.0 on Win64 and (2) 3.5.3-1ubuntu2 on Linux64 (latest in Ubuntu reps via apt-get and also the version shown with aptitude show)

Servers are both using FTPES explicit.

When connecting with client (1) to server (2) it works.
When connecting with client (2) to server (2) it does not work.
When connecting with client (2) to server (1) it works.

1 -> 1 is not used.

Am I missing something here or is there something else in play here?

If the Ubuntu reps are trailing too much (the 'about' for 3.5.3 on Ubuntu says 2012..!) I can install separately but since I have a number of Linux systems to manage I like to streamline updates as much as possible and using the apt-get is practical.

So, is this an issue with a way too old version on the Ubuntu then? When did the support for this come to FileZilla?

TIA,

Re: 450 TLS session of data connection has not resumed

Posted: 2015-06-06 08:14
by boco
None of the versions you named are supported by us anymore. With no influence on the servers (urge them to upgrade if they don't run 0.9.52.1), at least run the latest client release (3.11.0.2, currently). For Ubuntu, don't bother with the repo version (FileZilla repo is not maintained by Canonical, only community).

The reason you can not connect to the second server is that old FileZilla versions do not support the new security requirements.

Re: 450 TLS session of data connection has not resumed

Posted: 2015-06-06 09:48
by 0tt0
boco wrote:
> None of the versions you named are supported by us anymore. With no influence on the servers (urge them to upgrade if they don't run 0.9.52.1), at least run the latest client release (3.11.0.2, currently). For Ubuntu, don't bother with the repo version (FileZilla repo is not maintained by Canonical, only community).
>
> The reason you can not connect to the second server is that old FileZilla versions do not support the new security requirements.

Been a bit relaxed here it seems, the info you mention is available.. tried to compile instead but latest repo version of GCC/g++ complained:

error: *** A compiler with support for C++11 language features is required.

So the GNU compiler stuff isn't updated in repos either? This is somewhat annoying... maybe I should revert back to M$ on some of my clients..

Thanx,

Re: 450 TLS session of data connection has not resumed

Posted: 2015-06-06 09:51
by botg
I think you need to update your Ubuntu installation to e.g. Ubuntu 15.04

Re: 450 TLS session of data connection has not resumed

Posted: 2015-06-06 10:32
by 0tt0
botg wrote:
> I think you need to update your Ubuntu installation to e.g. Ubuntu 15.04

I am on a supported Ubuntu LTS version.. but I get your comment.. I think there was some bug in latest LTS that put me off when I looked at that issue not long ago.

Thanx,

Re: 450 TLS session of data connection has not resumed

Posted: 2015-07-09 16:41
by jmayorga5
Tim,

I am getting conflicting information on the security ramifications of "session resumption".

Please see: https://timtaubert.de/blog/2014/11/the- ... entations/

My company is working with health data, so, obviously, there is concern.

John