My feedback

1 result found

1. Support TLS session resumption

   30 votes

   Vote Vote Vote

   Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   1 vote 2 votes 3 votes Remove votes

   You have left! (?) (thinking…)
   1 comment  ·  Solid Explorer 2.0 » Problems  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close
   An error occurred while saving the comment
   Daniel Wells commented  ·  November 12, 2020  ·  Edit…  ·  Delete…

   For reference...
   https://forum.filezilla-project.org/viewtopic.php?t=36903
   It appears that by not having this option, we may be opening up our server to potential attacks.
   This issue is old now, but I believe this should be escalated as a vulnerability, rather than a "feature request" based on popular vote.

   "Not requiring session resumption allows session stealing attacks. The problem with FTP is that the data connection does not authenticate the client: Imagine you a want to upload a new version of your website. To initiate the transfer your client sends the PASV command followed by the STOR command. The server opens a port and waits for the client to connect to it and upload the file. Now an attacker comes along and figures out the port the server listens on. He connects to the port before you can and uploads a piece of malware to your website."

   Save Submitting...