Support TLS session resumption?

Support for Android version of Total Commander

33kk99
Junior Member
Posts: 16
Joined: 2016-11-14, 05:00 UTC

Post by *33kk99 » 2016-11-14, 05:24 UTC

450 TLS session of data connection has not resumed or the session does not match the control connection

Server: FileZilla Server 0.5.59
Client: Android 7.0

Server setting:
File transfer security
Require TLS session resumption on data connection when using PROT P

Filezilla Site Admin Reply:
TLS session resumption on the data connection is an important security feature, it prevents connection stealing attacks.
The used client software needs to be updated to one that properly reuses the TLS session on the data connection.
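
What the server setting above asks of a client, as an added example that is not part of the thread and not Total Commander's code: a Python `ftplib` subclass that offers the control connection's TLS session on every protected data connection. It relies on ftplib's private `_prot_p` flag; `last_data_resumed` and `list_with_resumption` are names chosen for this example.

```python
import ftplib


class SessionReuseFTP_TLS(ftplib.FTP_TLS):
    """FTP_TLS client whose data connections resume the control TLS session.

    Added illustration; last_data_resumed is a name chosen for this example.
    """

    last_data_resumed = None  # None until a protected data connection is opened

    def ntransfercmd(self, cmd, rest=None):
        # Let plain ftplib.FTP do PASV/PORT and open the raw data socket.
        conn, size = ftplib.FTP.ntransfercmd(self, cmd, rest)
        if self._prot_p:  # private ftplib flag, set by prot_p() / prot_c()
            # After AUTH TLS, self.sock is the TLS-wrapped control connection.
            # Offering its session lets the server match data to control.
            conn = self.context.wrap_socket(
                conn,
                server_hostname=self.host,
                session=self.sock.session,
            )
            # True only if the server accepted the resumed session.
            self.last_data_resumed = conn.session_reused
        return conn, size


def list_with_resumption(host, user, password):
    """Log in over explicit FTPS, list the directory, report resumption."""
    ftp = SessionReuseFTP_TLS(host, timeout=15)
    try:
        ftp.login(user, password)   # FTP_TLS.login() sends AUTH TLS first
        ftp.prot_p()                # PBSZ 0 + PROT P: encrypt data connections
        names = ftp.nlst()
        return names, ftp.last_data_resumed
    finally:
        ftp.close()
```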

ghisler(Author)
Site Admin
Posts: 37548
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) » 2016-11-15, 19:30 UTC

Strange, my FTP plugin for Android has supported TLS session resumption for a long time already. There must be something other which is wrong with the connection.
Author of Total Commander
http://www.ghisler.com

Post by *33kk99 » 2016-11-21, 06:16 UTC

ghisler(Author) wrote: Strange, my FTP plugin for Android has supported TLS session resumption for a long time already. There must be something other which is wrong with the connection.
I know this is related to TLS session resumption because when I ask the administrator to disable this setting, I am able to connect. My question is, how can I connect with it enabled?

Others Answer
"Older versions of Rebex FTP/SSL client actually do support SSL session reusing (and it's enabled by default), but they only reuse data sessions, not the control session."

Post by *ghisler(Author) » 2016-11-21, 10:42 UTC

It is always enabled by default.
Author of Total Commander
http://www.ghisler.com

Wandrer
Junior Member
Posts: 16
Joined: 2015-01-11, 07:32 UTC

Post by *Wandrer » 2017-01-28, 11:35 UTC

I do have this on my Galaxy S7 since the update to Android 7.0. Maybe a bug in Android 7?

Post by *ghisler(Author) » 2017-01-30, 14:32 UTC

I have tested this now: Android 7 had a small change in the called functions which makes this function fail. I found a workaround which works with my Nexus 7 with unofficial Android 7. Could you test it with your device, please?

Download here:
http://ghisler.fileburst.com/beta/tcandroidftp209b1.apk
Author of Total Commander
http://www.ghisler.com

Post by *Wandrer » 2017-01-30, 18:28 UTC

It works again on the S7 G930F with Android 7.

Post by *ghisler(Author) » 2017-02-02, 09:58 UTC

Great, then I will put it in the Play Store soon!
Author of Total Commander
http://www.ghisler.com

Post by *33kk99 » 2017-03-13, 10:03 UTC

Android 7.1.1
tcandroid280b7.apk or Total Commander 2.72 final
FTP Plugin 2.09

The ftp plugin is not displayed in the software interface.
Can not find it.

Post by *ghisler(Author) » 2017-03-13, 13:57 UTC

The plugin should appear in the home folder of Total Commander. If it doesn't then you may have hidden it. Please long tap on the first entry in the list and choose "Show all hidden".
Author of Total Commander
http://www.ghisler.com

Post by *33kk99 » 2018-10-08, 14:36 UTC

Unfortunately, this problem has appeared again.

450 TLS session of data connection has not resumed or the session does not match the control connection.

android 9.0
tc 2.90
tc-ftp 2.20

The same problem, turn off this option to use.
"Server setting:
File transfer security
Require TLS session resumption on data connection when using PROT P"

ps: It still seems to be usable before the September security patch.

Post by *ghisler(Author) » 2018-10-09, 06:28 UTC

Unfortunately there is very little hope to make this work: Google is hiding more and more undocumented functions from Java, and doesn't provide any official replacements. Java does NOT officially support SSL session reuse, so I have to access some internal structures to make it work. I cannot even check whether the structures were hidden or just renamed, because I don't have any Android 9 device. The error does not occur in the emulator. The Pixel phones are not officially sold in Switzerland, and I'm not willing to pay $1000 for a phone which will not get any more updates in one year (Google released it in October 2017, and offers 2 years of platform updates).

The only solution would be to stop using Java SSL encryption and convert the entire plugin to native C/C++, and then call my own copy of OpenSSL. This is a LOT of work (weeks if not months), and I don't really have the time to do that for a hobby project.

So my only suggestion here for you is to move on to some other app, sorry.
Author of Total Commander
http://www.ghisler.com

Post by *ghisler(Author) » 2018-10-14, 22:48 UTC

It looks like it's NOT an Android 9 problem! I just received an update from Google (not for Android, only for the "security provider" via play services) on Android 8.0 and 6.0 that gives me the same problem.

I think I have found a solution! Please try the following plugin:
https://www.totalcommander.ch/android/tcandroidftp221.apk

Installation: Do not uninstall the current version! Just tap on tcandroidftp221.apk in Total Commander to install the update.

Please let me know as soon as possible whether it works for you or not, so I can put it in the play store if it does. Thanks!
Author of Total Commander
http://www.ghisler.com

Post by *33kk99 » 2018-10-16, 13:52 UTC

android 9.0
tc 2.91
tc-ftp 2.21

“TLS connection for data connection established”

The plugin is working fine. Great work, thank you. Seems to be the only app that supports re-use.
Sorry for coming late and getting an update from the store.

Tc's new interface icon looks good.

What does "security provider" mean? Monthly security update patch?

Post by *ghisler(Author) » 2018-10-17, 08:44 UTC

No problem, another user already confirmed that my changes worked.

The "Security provider" does things like SSL encryption for secure Internet connections. Updating it is part of the Google Play services. My app calls ProviderInstaller.installIfNeeded() to make sure it's up to date. You can read about it here:
https://developer.android.com/training/articles/security-gms-provider

The advantage is that this high risk security function gets updated even when a phone doesn't get updates from the manufacturer.
Author of Total Commander
http://www.ghisler.com
