October 2019 Windows updates cause TLS session resumption issues with some FTP clients

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Message
Author
hyxalu
500 Command not understood
Posts: 1
Joined: 2019-10-18 12:48

October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#1 Post by hyxalu » 2019-10-18 13:05

As stated on this blog, the recent Windows updates (October 2019) caused some issues for FTP clients using .NET framework (e.g. FluentFTP, ArxOne.Ftp, ...).

On the client side, the error might look like:

Code: Select all

Authentication failed because the remote party has closed the transport stream
While on FileZilla Server side, the error is:

Code: Select all

450 TLS session of data connection has not resumed or the session does not match the control connection
The linked post suggests that updating OpenSSL used by FZS would solve the issue but I haven't been able to do that by myself.

Uninstalling the Windows update is unfortunately not an option.

User avatar
botg
Site Admin
Posts: 35506
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#2 Post by botg » 2019-10-18 16:31

Updating to OpenSSL 1.1 isn't possible due to an incompatible API.

Please wait for the FileZilla Server rewrite which will be using GnuTLS.

oliver.frodrigues
500 Command not understood
Posts: 1
Joined: 2019-10-22 09:28
First name: Oliver
Last name: Rodrigues

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#3 Post by oliver.frodrigues » 2019-10-22 09:30

I ended up setting up Windows Server FTP /IIS feature
it is not as easy to setup but worked for me in the end

JohnLBevan
500 Command not understood
Posts: 1
Joined: 2019-10-22 10:50
First name: John
Last name: Bevan

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#4 Post by JohnLBevan » 2019-10-22 10:57

Should this be logged on the bug tracker? I couldn't find a reference to it, having tried various search filters.

I also couldn't find anything tracking a rewrite; but maybe that sort of change is tracked elsewhere... Is there a rough ETA for when the new version would be available? I'm guessing it's going to be months or more rather than days or less...

Thank-you in advance.

sumiflow
500 Command not understood
Posts: 1
Joined: 2019-10-23 16:20

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#5 Post by sumiflow » 2019-10-23 16:28

Unless someone has a workaround, then It seems that with this bug I can't securely connect to a FileZilla server from .NET anymore. That's a deal breaker for me.

FTPFTW
504 Command not implemented
Posts: 6
Joined: 2019-10-23 20:53

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#6 Post by FTPFTW » 2019-10-23 21:05

Good evening everybody!
I actually registered because of this specific problem, because i learned to rely on FileZillaServer quietly ticking in the background doing its job.
I actually molested to other software forums about their "broken" software before even asuming the problem could be the server.
As it turns out this seems to be the case though.
Nonetheless do I have two questions:
botg wrote:
2019-10-18 16:31
Please wait for the FileZilla Server rewrite which will be using GnuTLS.
I know this is terribly unpolite, but do we have even any ETA on that? Are we taking days, weeks, months or years?
I know that this is nothing I can demand, but as said, I learned to rely on it, and while I quickly could move things over to sftp, the performance is just abominable.

Second:
Why does it only affect certain clients?
For example the FileZilla client maneuvers it just fine. As well as the TotalCommander Android App.
The TotalCommander 64Bit Win Version or my backup-software Duplicati crap out completely.

Every article I have found on the Windows Update said that it affects the server, and the server "forces" TLS resumption.
So how comes that some clients still work?

User avatar
boco
Contributor
Posts: 26910
Joined: 2006-05-01 03:28
Location: Germany

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#7 Post by boco » 2019-10-24 02:48

As I understand it, the problem is only with clients relying on the .NET framework in some way (depends on the language it was coded in). FileZilla does not use .NET and is unaffected.

Incompatibility of .NET implementation vs. OpenSSL-based FTP server software. And yes, TLS session resumption is forced by default, as security feature. Can be disabled in the settings, lowers security but might restore operation, as a stop gap measure.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

Moritz
500 Command not understood
Posts: 2
Joined: 2019-10-17 08:59

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#8 Post by Moritz » 2019-11-05 07:17

Ahh,
so it was a windows update that broke our app. I was wondering why all of a sudden we got error messages all over the place.. I also registered just for that topic but posted here: viewtopic.php?t=36903
Any idea when the FileZilla rewrite will come out? I can live with the disabled "force session resumption" feature for a while but if changes to our app are necessary, I'd rather know now and have a dev take a look at it...
All the best,

Moritz

User avatar
boco
Contributor
Posts: 26910
Joined: 2006-05-01 03:28
Location: Germany

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#9 Post by boco » 2019-11-05 11:28

It would be best fixing the App, as the rewrite is in very early stages, only. Additionally, you never know what surprises other FTP servers in the wild may provide.
Ahh,
so it was a windows update that broke our app.
Welcome to the clusterfuck known as WaaS. Better get used to it, will happen all the time, from now on.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

FTPFTW
504 Command not implemented
Posts: 6
Joined: 2019-10-23 20:53

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#10 Post by FTPFTW » 2019-11-05 19:28

I am stalking the FileZilla website and forum as well ever since.
The whole Situation is kind of frustrating.

So I ask again if there is any kind of timeline either on a fix for the current version or the rewrite?
If not, is there a newsletter somewhere so that would get the word as fast as possible?

mikeb
500 Command not understood
Posts: 4
Joined: 2019-10-26 19:04
First name: Mike
Last name: B.

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#11 Post by mikeb » 2019-11-29 16:28

botg wrote:
2019-10-18 16:31
Updating to OpenSSL 1.1 isn't possible due to an incompatible API.

Please wait for the FileZilla Server rewrite which will be using GnuTLS.
This is affecting us as well and impacting security.

Any ideas when we might expect the FileZilla Server rewrite which will be using GnuTLS?

mikeb
500 Command not understood
Posts: 4
Joined: 2019-10-26 19:04
First name: Mike
Last name: B.

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#12 Post by mikeb » 2019-12-11 17:53

Any update here?

User avatar
botg
Site Admin
Posts: 35506
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#13 Post by botg » 2019-12-11 18:47

When it's done. 2020 sounds like a good year.

FTPFTW
504 Command not implemented
Posts: 6
Joined: 2019-10-23 20:53

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#14 Post by FTPFTW » 2019-12-13 19:00

In the meantime, do the developers have any recommendations on the security side of things?
Deactivate the TLS Resumption, disregard all clients that encounter the error, or uninstall KB4517389?

User avatar
boco
Contributor
Posts: 26910
Joined: 2006-05-01 03:28
Location: Germany

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#15 Post by boco » 2019-12-19 12:17

Security-wise? Don't disable session resumption and only use compatible clients, until this is fixed by MS or OpenSSL.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

Post Reply