Running 2 versions of Win10 and FZ Server - 1 works - 1 doesn't

[FlyingRabbit]

I'm running 2 installs of WIN10 (2 different diks).
Win 10 install A has filezilla server version 0.9.60 beta installed, and all works very well.
Win 10 install B has filezilla server version 1.6.6 installed, and it only works for 2 out of 4 of the VPSses I want to backup to it.

The error I get: 425 unable to build data connection.
TLS version is set to 1.2
The router / firewall can't be the problem as when i switch to the other Windows version is works well. Same ports are used.

Also install A has norton and Malwarebytes running. Install B only has Norton running, and it also doesn't work when norton is disabled.

Any ideas? Thanks!

[oibaf]

Is there anything else written after "Unable to build data connection"? Like, the explanation of why it cannot build one?

[FlyingRabbit]

I gathered some screens:

Response from Updraft Backup plugin:





FZ Server response:



DirectAdmin backup repsonse:





FZ Server response:



But, successful from another DirectAdmin backup

[oibaf]

As it's clearly stated in the error, the TLS data connection didn't have its session resumed. The problem is it with the client: it has to use for the data connection a TLS session "resumed" from that of the control connection.

The fact it works with the 0.x version of FileZilla Server is due to the fact that that version is old and didn't care about security as much as it does the most recent one.

[FlyingRabbit]

The DirectAdmin server that does backup, has ProFTPd Version 1.3.8 installed, the other has too. They were launched together. Only difference is that the working one runs apache+nginx, the not working one runs litespeed.

Weird, right? Any ideas on how to solve this?

And for the Updraft backup? Anyidea? It should be able work too I guess.

[FlyingRabbit]

It also does not help adding:

Code: Select all

TLSOptions    NoSessionReuseRequired

Following this post: viewtopic.php?t=51548

[FlyingRabbit]

Nobody else running into this problem? All help & suggestions very much appreciated. Would like to get it working..

[FlyingRabbit]

Version 1.6.6 doesn't have the "Require TLS session resumption on data connection when using PROT P"? Seems like it would solve the issues.

This post seems to have the same issues and conclude the same. https://en.delphipraxis.net/topic/6114- ... t-resumed/

[oibaf]

As stated already, versions 1.x enforce that the data connections must have the TLS session resumed from the control connection. It's not something that can be opted out. The fix must be client-side, it's for security reasons.

[FlyingRabbit]

Ok. Could you give some direction on how to do that on the client side?

[oibaf]

Ok. Could you give some direction on how to do that on the client side?

From the screenshots you've posted, it appears that the client is the command line program "curl", which nowadays has the ability to do session resumption. Hence, the fix should be as simple as updating the curl program to its latest version, which will also bring loads of security fixes.