450 TLS session of data connection has not resumed

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Message
Author
gemmy
503 Bad sequence of commands
Posts: 18
Joined: 2010-05-24 05:10
First name: gemmy
Last name: king

450 TLS session of data connection has not resumed

#1 Post by gemmy » 2015-05-12 02:42

When I am using fireftp in firefox 2.0.23 and Filezilla server 0.9.51
when tick "Force PROT P to encrypt..."
and tick "Require TLC session resumption on data connection..."

I got the following message.
(192.168.0.106)> 450 TLS session of data connection has not resumed or the session does not match the control connection

Please help.
thanks

User avatar
botg
Site Admin
Posts: 32427
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: 450 TLS session of data connection has not resumed

#2 Post by botg » 2015-05-12 07:24

It appears your client does not support TLS session resumption. Please contact your client vendor so that TLS session resumption can be implemented in your client.

Not requiring session resumption allows session stealing attacks. The problem with FTP is that the data connection does not authenticate the client: Imagine you a want to upload a new version of your website. To initiate the transfer your client sends the PASV command followed by the STOR command. The server opens a port and waits for the client to connect to it and upload the file. Now an attacker comes along and figures out the port the server listens on. He connects to the port before you can and uploads a piece of malware to your website.

TLS session resumption prevents this, it acts as a form of authentication. If the TLS session of the data connection matches the session of the control connection, both the client and the server have the guarantee that the data connection is genuine. Any mismatch in sessions indicates a potential attack.

nasdrvr
500 Command not understood
Posts: 3
Joined: 2015-05-12 15:57
First name: Jason
Last name: P

Re: 450 TLS session of data connection has not resumed

#3 Post by nasdrvr » 2015-05-12 16:49

I am getting the same error "450 TLS session of data connection has not resumed or the session does not match the control connection" though the client was working on Friday and not working yesterday. Only change was something made the FileZillaServer.exe file disappear so I just downloaded and installed FileZilla server again. Any idea why this would change? Anyway I can resolve this? I have had to drop to regular FTP at this time.

Client software is Philips SpeechExec Pro Dictate. They are not terribly helpful and the software has not been changed between Friday and yesterday.

Jason

User avatar
botg
Site Admin
Posts: 32427
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: 450 TLS session of data connection has not resumed

#4 Post by botg » 2015-05-12 17:50

The option of requiring session resumption is a new feature of 0.9.51 and defaults to enabled.

nasdrvr
500 Command not understood
Posts: 3
Joined: 2015-05-12 15:57
First name: Jason
Last name: P

Re: 450 TLS session of data connection has not resumed

#5 Post by nasdrvr » 2015-05-12 21:11

Can that be session resumption be disabled?

gemmy
503 Bad sequence of commands
Posts: 18
Joined: 2010-05-24 05:10
First name: gemmy
Last name: king

Re: 450 TLS session of data connection has not resumed

#6 Post by gemmy » 2015-05-12 21:55

nasdrvr wrote:Can that be session resumption be disabled?
just un-tick
"Require TLC session resumption on data connection..."

nasdrvr
500 Command not understood
Posts: 3
Joined: 2015-05-12 15:57
First name: Jason
Last name: P

Re: 450 TLS session of data connection has not resumed

#7 Post by nasdrvr » 2015-05-13 04:45

That resolved my issue. Thank you very much.

paule123
504 Command not implemented
Posts: 7
Joined: 2014-11-05 18:30

Re: 450 TLS session of data connection has not resumed

#8 Post by paule123 » 2015-05-14 18:29

Just wanted to chime in and say disabling TLS session resumption solved the problems we've had since upgrading from .49 to .51 last weekend.

Our client's linux/java system was unable to transfer files to us, and our "ftps.exe" ipswitch moveitfreely windows command line scripts were failing.

User avatar
boco
Contributor
Posts: 24754
Joined: 2006-05-01 03:28
Location: Germany

Re: 450 TLS session of data connection has not resumed

#9 Post by boco » 2015-05-14 20:10

Yes, and they need to be fixed.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

0tt0
500 Syntax error
Posts: 16
Joined: 2009-01-12 15:10
First name: J
Last name: O

Re: 450 TLS session of data connection has not resumed

#10 Post by 0tt0 » 2015-06-06 07:36

Haudi,

I've been having some issues with FTP lately and looked elsewhere first but think this might be it.. but in my case it's FileZilla that needs fixing..?

I have 2 clients that access 2 servers, all are FileZilla /server.

Servers, FileZilla server: (1) 0.9.41 and (2) may be latest version (not mine)
Clients, FileZilla: (1) 3.8.0 on Win64 and (2) 3.5.3-1ubuntu2 on Linux64 (latest in Ubuntu reps via apt-get and also the version shown with aptitude show)

Servers are both using FTPES explicit.

When connecting with client (1) to server (2) it works.
When connecting with client (2) to server (2) it does not work.
When connecting with client (2) to server (1) it works.

1 -> 1 is not used.

Am I missing something here or is there something else in play here?

If the Ubuntu reps are trailing too much (the 'about' for 3.5.3 on Ubuntu says 2012..!) I can install separately but since I have a number of Linux systems to mange I like to streamline updates as much as possible and using the apt-get is practical.

So, is this an issue with way to old version on the Ubuntu then? When did the support for this come to FileZilla?

TIA,

User avatar
boco
Contributor
Posts: 24754
Joined: 2006-05-01 03:28
Location: Germany

Re: 450 TLS session of data connection has not resumed

#11 Post by boco » 2015-06-06 08:14

None of the versions you named are supported by us anymore. With no influence on the servers (urge them to upgrade if they don't run 0.9.52.1), at least run the latest client release (3.11.0.2, currently). For Ubuntu, don't bother with the repo version (FileZilla repo is not maintained by canonical, only community).

The reason you can not connect to the second server is that old FileZilla versions do not support the new security requirements.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

0tt0
500 Syntax error
Posts: 16
Joined: 2009-01-12 15:10
First name: J
Last name: O

Re: 450 TLS session of data connection has not resumed

#12 Post by 0tt0 » 2015-06-06 09:48

boco wrote:None of the versions you named are supported by us anymore. With no influence on the servers (urge them to upgrade if they don't run 0.9.52.1), at least run the latest client release (3.11.0.2, currently). For Ubuntu, don't bother with the repo version (FileZilla repo is not maintained by canonical, only community).

The reason you can not connect to the second server is that old FileZilla versions do not support the new security requirements.
Been a bit relaxed here it seems, the info you mention is available.. tried to compile instead but latest repo version of GCC/g++ complained:

error: *** A compiler with support for C++11 language features is required.

So the Gnu compiler stuff isn't updated in repos either? This is somewhat annoying... maybe I should revert back to M$ on some of my clients..

Thanx,

User avatar
botg
Site Admin
Posts: 32427
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: 450 TLS session of data connection has not resumed

#13 Post by botg » 2015-06-06 09:51

I think you need to update your Ubuntu installation to e.g. Ubuntu 15.04

0tt0
500 Syntax error
Posts: 16
Joined: 2009-01-12 15:10
First name: J
Last name: O

Re: 450 TLS session of data connection has not resumed

#14 Post by 0tt0 » 2015-06-06 10:32

botg wrote:I think you need to update your Ubuntu installation to e.g. Ubuntu 15.04
I am on a supported Ubuntu LTS version.. but I get your comment.. I think there was some bug in latest LTS that put me off when I looked at that issue not long ago.

Thanx,

jmayorga5
500 Command not understood
Posts: 1
Joined: 2015-07-09 16:24
First name: John
Last name: Mayorga

Re: 450 TLS session of data connection has not resumed

#15 Post by jmayorga5 » 2015-07-09 16:41

Tim,

I am getting conflicting information on the security ramifications of "session resumption".

Please see: https://timtaubert.de/blog/2014/11/the- ... entations/

My company is working with health data, so, obviously, there is concern.

John

Post Reply