FTP Plugin 2.43 does not support tls 1.3

[33kk99]

FTP Plugin 2.43 does not support tls 1.3.

[ghisler(Author)]

Sorry, currently only TLS 1.2 and 1.1 are supported. I don't know whether Android supports TLS 1.3, and from which version.

[chandragor]

From https://developer.android.com/about/versions/10/behavior-changes-all

Android 10 includes the following security changes.

TLS 1.3 enabled by default

In Android 10 and higher, TLS 1.3 is enabled by default for all TLS connections

[ghisler(Author)]

I have checked this now: TLS 1.3 is not enabled by default when creating an SslSocket. When I enable it manually, I can connect to the server, but I can't transfer any data when SSL session reuse is enabled on the server side (which is unfortunately the default for ProFTPd). Therefore I can't enable TLS 1.3, otherwise you would not get any directory listings and couldn't upload or download anything. This is a problem with the Android SSL stack and can't be changed. I would have to compile and include my own OpenSSL libraries, something no one has done before...

[ghisler(Author)]

I have made further tests, and it seems that ProFTPd 1.3.7 and newer support TLS 1.3. Older versions try to use session IDs, which are not supported in TLS 1.3. Instead, TLS 1.3 uses so-called session tickets.

ProFTPd in Fedora Linux 37 is at version 1.3.7 and works with TLS 1.3.
ProFTPd on a Raspberry PI with the default Raspberry OS/Raspbian is at version 1.3.6 (backported patches) and does NOT work with TLS 1.3. You will get an empty directory.

In the latest beta of the plugin, you can now enable TLS 1.3 manually in the connection settings. You will get a warning when a server returns an empty directory.

To get the beta from the Play Store, you can enable beta versions here:
https://play.google.com/apps/testing/com.ghisler.tcplugins.FTP
The beta is also available via our fDroid beta repository:
https://www.ghisler.com/fdroid.htm