Page 1 of 2

explicit FTP over TLS problem

Posted: Mon Apr 13, 2020 6:13 am
by harrisc
I just purchased AndFTP Pro and I have a problem

I want to access my website using FTP. I can connect from my Windows 10 PC using Filezilla. In Filezilla I "Require explicit FTP over TLS"

In AndFTP I use FTPS (explicit FTP over TLS/SSL. When logging in I start logging in with "150 Accepted data connection" but then get a message "Connection closed without indication", and cannot proceed.

When contacting my website provider they could only suggest that AndFTP was not TLS 1.2 compliant!

I exported the site data from FileZilla and imported the site data. This entry gave the same results! BTW the destination folder did not import correctly.

Can you suggest how to connect to my website?

Regards

Chris

Re: explicit FTP over TLS problem

Posted: Mon Apr 13, 2020 12:26 pm
by support
AndFTP relies on Android SSLEngine for SSL/TLS support. From the table below it looks it's supported:
https://developer.android.com/reference ... /SSLEngine
Except if you have a very old device.

Are you using Active or Passive mode? Try both.

Maybe the problem is with SSL session re-use?
AndFTP does not support SSL session re-use due to missing low level API to access SSL session.

Options to disable it on server:

Re: explicit FTP over TLS problem

Posted: Mon Apr 13, 2020 12:42 pm
by harrisc
I am using a Samsung S7 and a Huaewi MediaPad M5, which I would not call old; they are running Android 8.

On the web server there are no configuration options for SSL session re-use

Re: explicit FTP over TLS problem

Posted: Mon Apr 13, 2020 12:45 pm
by support
Android 8 is fine, it should work.

Is it possible for you to provide a temporary testing account so we could try to reproduce the problem from here? If so then please contact support(at)lysesoft.com

Re: explicit FTP over TLS problem

Posted: Mon Apr 13, 2020 1:39 pm
by harrisc
I sent an email with details of temporary ftp account

Re: explicit FTP over TLS problem

Posted: Mon Apr 13, 2020 2:00 pm
by support
Received. Having a look right now.

Re: explicit FTP over TLS problem

Posted: Mon Apr 13, 2020 3:15 pm
by support
I can reproduce the problem.

I would say the problem comes from SSL session re-use setup as mandatory by your hosting provider. Full explanation is detailed in the link below, same problem as you (same FTP server: Pure-FTPd):
http://mail-archives.apache.org/mod_mbo ... an.JIRA%3E

Could you see if you can have this option disabled? If not just move to SFTP (SSH) instead of FTPS and it will work.

Re: explicit FTP over TLS problem

Posted: Thu Apr 16, 2020 10:42 am
by support
We have a workaround in AndFTP 5.3. We've added TLS data channel option in expert settings. You can setup it to "Clear" instead of "Private". Drop an email to support(at)lysesoft.com to get 5.3 beta.
FTPS_channel.png

Re: explicit FTP over TLS problem

Posted: Thu Apr 16, 2020 11:35 am
by harrisc
I tried the beta. I followed the steps. I set FTS data channel security to Clear. I then saved the setup.

I then tried logon. I get message
227, Entering Passive Mode (xxx.xx. ...)
521. Data connection cannot be oped with this PROT setting.

Any other suggestions?
Chris

Re: explicit FTP over TLS problem

Posted: Thu Apr 16, 2020 2:44 pm
by support
It means your FTPS server settings does not allow Clear data channel and force TLS session reuse.
Too bad ... this workaround works for me with Godaddy.

Do you have SFTP/SSH provided by your hosting server? It would be the solution.