Total Commander

450 TLS session of data connection has not resumed or the session does not match the control connection

Server:Filezilla Server 0.5.59
Client:Android 7.0

Server setting:
File transfer security
Require TLS session resumption on data connection when seing PROT P

Filezilla Site Admin Reply：
TLS session resumption on the data connection is an important security feature, it prevents connection stealing attacks.
The used client software needs to be updated to one that properly reuses the TLS session on the data connection.

Strange, my FTP plugin for Android has supported TLS session resumption for a long time already. There must be something other which is wrong with the connection.

ghisler(Author) wrote:Strange, my FTP plugin for Android has supported TLS session resumption for a long time already. There must be something other which is wrong with the connection.

I know this is related to TLS session resumption because when I ask the administrator to disable this setting, I am able to connect. My question is, how can I connect with it enabled?

Others Answer
"Older versions of Rebex FTP/SSL client actually do support SSL session reusing (and it's enabled by default), but they only reuse data sessions, not the control session. "

It is always enabled by default.

I do have this on my Galaxy S7 since the update to Android 7.0. Maybe a bug in Android 7?

I have tested this now: Android 7 had a small change in the called functions which makes this function fail. I found a workaround which works with my Nexus 7 with unofficial Android 7. Could you test it with your device, please?

Download here:
https://plugins.ghisler.com/beta/tcandroidftp209b1.apk

It works again on the S7 G930F with Android 7.

Great, then I will put it in the Play Store soon!

Android 7.1.1
tcandroid280b7.apk or Total Commander 2.72 final
FTP Plugin 2.09

The ftp plugin is not displayed in the software interface.
Can not find it.

The plugin should appear in the home folder of Total Commander. If it doesn't then you may have hidden it. Please long tap on the first entry in the list and choose "Show all hidden".

Unfortunately, this problem has appeared again.

450 TLS session of data connection has not resumed or the session does not match the control connection.

android 9.0
tc 2.90
tc-ftp 2.20

The same problem, turn off this option to use.
"Server setting:
File transfer security
Require TLS session resumption on data connection when seing PROT P"

ps: It still seems to be usable before the September security patch.

Unfortunately there is very little hope to make this work: Google is hiding more and more undocumented functions from Java, and doesn't provide any official replacements. Java does NOT officially support SSL session reuse, so I have to access some internal structures to make it work. I cannot even check whether the structures were hidden or just renamed, because I don't have any Android 9 device. The error does not occur in the emulator. The Pixel phones are not officially sold in Switzerland, and I'm not willing to pay $1000 for a phone which will not get any more updates in one year (Google released it in October 2017, and offers 2 years of platform updates).

The only solution would be to stop using Java SSL enceryption and convert the entire plugin to native C/C++, and then call my own copy of OpenSSL. This is a LOT of work (weeks if not months), and I don't really have the time to do that for a hobby project.

So my only suggestion here for you is to move on to some other app, sorry.

It looks like it's NOT an Android 9 problem! I just received an update from Google (not for Android, only for the "security provider" via play services) on Android 8.0 and 6.0 that gives me the same problem.

I think I have found a solution! Please try the following plugin:
https://www.totalcommander.ch/android/tcandroidftp221.apk

Installation: Do not uninstall the current version! Just tap on tcandroidftp221.apk in Total Commander to install the update.

Please let me know as soon as possible whether it works for you or not, so I can put it in the play store if it does. Thanks!

android 9.0
tc 2.91
tc-ftp 2.21

“TLS connection for data connection established”

The plugin is working fine. Great work, thank you. Seems to be the only app that supports re-use.
Sorry for coming late and getting an update from the store.

Tc's new interface icon looks good.

What does "security provider" mean? Monthly security update patch?

No problem, another user already confirmed that my changes worked.

The "Security provider" does things like SSL encryption for secure Internet connections. Updating it is part of the Google Play services. My app calls ProviderInstaller.installIfNeeded() to make sure it's up to date. You can read about it here:
https://developer.android.com/training/articles/security-gms-provider

The advantage is that this high risk security function gets updated even when a phone doesn't get updates from the manufacturer.