Support TLS session resumption
On my FTP server, using explicit FTP over TLS, if the option "Require TLS session resumption on data connection when using PROT P" is enabled, Solid Explorer fails with "There was a problem with SSL communication". If that option is disabled, everything works.
Using FileZilla Server 0.9.59.
-
Daniel Wells commented
For reference...
https://forum.filezilla-project.org/viewtopic.php?t=36903
It appears that by not having this option, we may be opening up our server to potential attacks.
This issue is old now, but I believe this should be escalated as a vulnerability, rather than a "feature request" based on popular vote.

"Not requiring session resumption allows session stealing attacks. The problem with FTP is that the data connection does not authenticate the client: Imagine you want to upload a new version of your website. To initiate the transfer your client sends the PASV command followed by the STOR command. The server opens a port and waits for the client to connect to it and upload the file. Now an attacker comes along and figures out the port the server listens on. He connects to the port before you can and uploads a piece of malware to your website."
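What a client has to do to satisfy the server option discussed in this thread, as an added example that is not part of the original posts and is not Solid Explorer or FileZilla code: a Python `ftplib` client that offers the control connection's TLS session on every PROT P data connection and records whether the server resumed it. The class name, the `data_resumed` attribute and `upload_with_resumption` are hypothetical names, and the server is assumed to present a certificate the system trust store accepts.

```python
import ftplib
import ssl


class ResumingFTP_TLS(ftplib.FTP_TLS):
    """FTP_TLS client that reuses the control-channel TLS session on each
    PROT P data connection, so the server can tie the data connection to
    the authenticated control connection."""

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.data_resumed = []  # one bool per data connection opened

    def ntransfercmd(self, cmd, rest=None):
        # Let the plain FTP base class do PASV/PORT and send the command.
        conn, size = ftplib.FTP.ntransfercmd(self, cmd, rest)
        if self._prot_p:
            # Stock FTP_TLS wraps the data socket with a fresh session;
            # here the control connection's session is offered instead.
            conn = self.context.wrap_socket(
                conn,
                server_hostname=self.host,
                session=self.sock.session,
            )
            self.data_resumed.append(conn.session_reused)
        return conn, size


def upload_with_resumption(host, user, password, remote_name, fileobj):
    """Upload fileobj over explicit FTPS and return the list of
    session_reused flags, one per data connection."""
    ftp = ResumingFTP_TLS(context=ssl.create_default_context())
    ftp.connect(host, 21)
    ftp.login(user, password)  # issues AUTH TLS before sending credentials
    ftp.prot_p()               # protect the data channel (PROT P)
    ftp.storbinary("STOR " + remote_name, fileobj)
    ftp.quit()
    return ftp.data_resumed
```

Run against a test server with the option enabled, a `False` in the returned list means the data connection did a full handshake rather than a resumption.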