EldoS | Feel safer!

Software components for data protection, secure storage and transfer

450 TLS Error

#34750
Posted: 10/12/2015 16:57:53
by William Egge (Standard support level)
Joined: 08/17/2011
Posts: 27

I am getting this error when connecting to FileZilla Server. I don't get it when using the FileZilla client. What setting do I need to change in Eldos FTP Client?

> 450 TLS session of data connection has not resumed or the session does not match the control connection

I suspect the issue is related to the following server setting, see attachment.


#34751
Posted: 10/12/2015 17:16:57
by Ken Ivanov (EldoS Corp.)

Hi William,

Thank you for contacting us.

According to the error message, it looks like the server wants the TLS connection on the data channel to be derived from that on the control channel rather than created from scratch (those two are just different techniques of setting up a protected data channel). Please try setting the UseSSLSessionResumption property of your TElSimpleFTPSClient object to true and check if it helps (and it should).

Cheers,

Ken
#34758
Posted: 10/13/2015 07:52:45
by William Egge (Standard support level)
Joined: 08/17/2011
Posts: 27

Thank you,

I have created a simple wrapper around the FTP class (an interface) and I use this for connecting to various FTP servers. Will this setting break other FTP server connections?
#34760
Posted: 10/13/2015 08:07:30
by Ken Ivanov (EldoS Corp.)

Hi William,

It actually may. Back in 2012 an attack on the FTPS protocol was described that uses the TLS session resumption approach to compromise the data channel. Therefore a lot of servers will refuse to establish the data channel in 'session reuse' mode to make themselves safe against the attack.

If you need your software to connect to a variety of different servers, I believe the best option would be to allow your users to adjust this setting where needed - and to have it set to false by default.

Ken
#34766
Posted: 10/13/2015 10:19:30
by William Egge (Standard support level)
Joined: 08/17/2011
Posts: 27

Thank you,

UseSSLSessionResumption worked. I was able to connect and upload a file. Thank you for your knowledge on the security.

Do you know if there is a way I can detect this in code?
#34767
Posted: 10/13/2015 11:40:14
by Ken Ivanov (EldoS Corp.)

Hi William,

I am afraid the only way to detect the mode(s) approved by the server is to try to establish a data connection in both modes and check which of them work. You can try that on the GetFileList() method, for instance.

Ken
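
The probing approach described in the reply above, as an added example that is not part of the original thread and is not EldoS code: it uses Python's standard `ftplib` in place of TElSimpleFTPSClient, and the names `ReuseFTP_TLS`, `list_with_mode`, `probe_modes` and `choose_mode` are hypothetical. It attempts one directory listing with TLS session resumption off, then on, and keeps resumption off whenever that mode works.

```python
import ftplib
import ssl

class ReuseFTP_TLS(ftplib.FTP_TLS):
    """FTP_TLS whose data connections can resume the control channel's TLS session."""
    reuse_session = False

    def ntransfercmd(self, cmd, rest=None):
        # Open the plain data socket via ftplib.FTP, then wrap it in TLS ourselves.
        conn, size = ftplib.FTP.ntransfercmd(self, cmd, rest)
        if self._prot_p:
            # self.sock is the TLS-wrapped control connection after login().
            session = self.sock.session if self.reuse_session else None
            conn = self.context.wrap_socket(
                conn, server_hostname=self.host, session=session)
        return conn, size

def list_with_mode(host, user, password, reuse, timeout=15):
    """Log in over explicit FTPS and force one data connection with a listing."""
    ftp = ReuseFTP_TLS(context=ssl.create_default_context(), timeout=timeout)
    ftp.reuse_session = reuse
    try:
        ftp.connect(host)
        ftp.login(user, password)   # FTP_TLS.login() sends AUTH TLS first
        ftp.prot_p()                # request a protected data channel
        ftp.retrlines("LIST", lambda line: None)
    finally:
        ftp.close()

def probe_modes(attempt):
    """Call attempt(reuse) for both modes; map each mode to None or its error text."""
    results = {}
    for reuse in (False, True):
        try:
            attempt(reuse)
            results[reuse] = None
        except (ftplib.Error, ssl.SSLError, OSError, EOFError) as exc:
            results[reuse] = str(exc)
    return results

def choose_mode(results):
    """Prefer resumption off (the default suggested in the thread); None if both fail."""
    for reuse in (False, True):
        if reuse in results and results[reuse] is None:
            return reuse
    return None
```

Against a real server the probe would be called as `probe_modes(lambda reuse: list_with_mode(host, user, password, reuse))`, with the result cached per server so the extra login happens only once.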
#34768
Posted: 10/13/2015 13:23:16
by William Egge (Standard support level)
Joined: 08/17/2011
Posts: 27

Thank you.

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.