October 2019 Windows updates cause TLS session resumption issues with some FTP clients

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
hyxalu
500 Command not understood
Posts: 1
Joined: 2019-10-18 12:48

October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#1 Post by hyxalu » 2019-10-18 13:05

As stated on this blog, the recent Windows updates (October 2019) caused some issues for FTP clients using .NET framework (e.g. FluentFTP, ArxOne.Ftp, ...).

On the client side, the error might look like:

Code: Select all

Authentication failed because the remote party has closed the transport stream
While on FileZilla Server side, the error is:

Code: Select all

450 TLS session of data connection has not resumed or the session does not match the control connection
The linked post suggests that updating OpenSSL used by FZS would solve the issue but I haven't been able to do that by myself.

Uninstalling the Windows update is unfortunately not an option.

User avatar
botg
Site Admin
Posts: 32427
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#2 Post by botg » 2019-10-18 16:31

Updating to OpenSSL 1.1 isn't possible due to an incompatible API.

Please wait for the FileZilla Server rewrite which will be using GnuTLS.

oliver.frodrigues
500 Command not understood
Posts: 1
Joined: 2019-10-22 09:28
First name: Oliver
Last name: Rodrigues

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#3 Post by oliver.frodrigues » 2019-10-22 09:30

I ended up setting up Windows Server FTP /IIS feature
it is not as easy to setup but worked for me in the end

JohnLBevan
500 Command not understood
Posts: 1
Joined: 2019-10-22 10:50
First name: John
Last name: Bevan

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#4 Post by JohnLBevan » 2019-10-22 10:57

Should this be logged on the bug tracker? I couldn't find a reference to it, having tried various search filters.

I also couldn't find anything tracking a rewrite; but maybe that sort of change is tracked elsewhere... Is there a rough ETA for when the new version would be available? I'm guessing it's going to be months or more rather than days or less...

Thank-you in advance.

sumiflow
500 Command not understood
Posts: 1
Joined: 2019-10-23 16:20

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#5 Post by sumiflow » 2019-10-23 16:28

Unless someone has a workaround, then It seems that with this bug I can't securely connect to a FileZilla server from .NET anymore. That's a deal breaker for me.

FTPFTW
500 Command not understood
Posts: 2
Joined: 2019-10-23 20:53

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#6 Post by FTPFTW » 2019-10-23 21:05

Good evening everybody!
I actually registered because of this specific problem, because i learned to rely on FileZillaServer quietly ticking in the background doing its job.
I actually molested to other software forums about their "broken" software before even asuming the problem could be the server.
As it turns out this seems to be the case though.
Nonetheless do I have two questions:
botg wrote:
2019-10-18 16:31
Please wait for the FileZilla Server rewrite which will be using GnuTLS.
I know this is terribly unpolite, but do we have even any ETA on that? Are we taking days, weeks, months or years?
I know that this is nothing I can demand, but as said, I learned to rely on it, and while I quickly could move things over to sftp, the performance is just abominable.

Second:
Why does it only affect certain clients?
For example the FileZilla client maneuvers it just fine. As well as the TotalCommander Android App.
The TotalCommander 64Bit Win Version or my backup-software Duplicati crap out completely.

Every article I have found on the Windows Update said that it affects the server, and the server "forces" TLS resumption.
So how comes that some clients still work?

User avatar
boco
Contributor
Posts: 24754
Joined: 2006-05-01 03:28
Location: Germany

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#7 Post by boco » 2019-10-24 02:48

As I understand it, the problem is only with clients relying on the .NET framework in some way (depends on the language it was coded in). FileZilla does not use .NET and is unaffected.

Incompatibility of .NET implementation vs. OpenSSL-based FTP server software. And yes, TLS session resumption is forced by default, as security feature. Can be disabled in the settings, lowers security but might restore operation, as a stop gap measure.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

Moritz
500 Command not understood
Posts: 2
Joined: 2019-10-17 08:59

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#8 Post by Moritz » 2019-11-05 07:17

Ahh,
so it was a windows update that broke our app. I was wondering why all of a sudden we got error messages all over the place.. I also registered just for that topic but posted here: viewtopic.php?t=36903
Any idea when the FileZilla rewrite will come out? I can live with the disabled "force session resumption" feature for a while but if changes to our app are necessary, I'd rather know now and have a dev take a look at it...
All the best,

Moritz

User avatar
boco
Contributor
Posts: 24754
Joined: 2006-05-01 03:28
Location: Germany

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#9 Post by boco » 2019-11-05 11:28

It would be best fixing the App, as the rewrite is in very early stages, only. Additionally, you never know what surprises other FTP servers in the wild may provide.
Ahh,
so it was a windows update that broke our app.
Welcome to the clusterfuck known as WaaS. Better get used to it, will happen all the time, from now on.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

FTPFTW
500 Command not understood
Posts: 2
Joined: 2019-10-23 20:53

Re: October 2019 Windows updates cause TLS session resumption issues with some FTP clients

#10 Post by FTPFTW » 2019-11-05 19:28

I am stalking the FileZilla website and forum as well ever since.
The whole Situation is kind of frustrating.

So I ask again if there is any kind of timeline either on a fix for the current version or the rewrite?
If not, is there a newsletter somewhere so that would get the word as fast as possible?

Post Reply