FTP TLS session resumption not supported. #1617

Open
Napsterbater opened this issue Mar 21, 2021 · 9 comments

@Napsterbater

Using keepass2android with FTPS (FTP over or with TLS) servers that require TLS session resumption does not work.

This is mainly a security feature and partially a minor performance boost in connection setup.

Any chance this could be added?

@PhilippC
Owner

Can you specify "do not work"? Do you see a specific error message? KP2A is using FluentFTP, I would need to search for how to resolve this there.

@Napsterbater
Author

Seems this is a limitation in FluentFTP and their reliance on .NET

Basically with this limitation, FTPS is insecure. And I'm going to guess using a different FTP backend is not an available option.

robinrodricks/FluentFTP#347
dotnet/runtime#27916

@4-FLOSS-Free-Libre-Open-Source-Software

Isn't a new session each time, more secure than reuse? I understand the performance benefits from TLS handshaking.

@astukov
astukov commented Nov 2, 2021

> Isn't a new session each time, more secure than reuse? I understand the performance benefits from TLS handshaking.

As far as FTP goes, it doesn't. See, FTP Data channel is not authenticated, so any attacker could connect to this Data port and get access to information. As only the communication via port 21 is authenticated, it is a good idea to use that token for the Data channel as well.
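
The data-channel binding described in the comment above, as an added example that is not part of this thread and is not code from keepass2android or FluentFTP: a Python `ftplib` client that offers the control connection's TLS session on each data connection and fails closed when the server does not resume it. The class names, `require_resumption` and `download()` are assumptions made for this example.

```python
import ftplib
import io
import ssl


class DataSessionNotResumed(ftplib.Error):
    """The data channel did a full handshake instead of resuming the control session."""


class SessionReusingFTP_TLS(ftplib.FTP_TLS):
    """ftplib.FTP_TLS that presents the control channel's TLS session on every
    data connection, which is what a server enforcing resumption checks for."""

    # Assumption for this example: treat a non-resumed data channel as an error
    # on the client side too, instead of silently transferring over it.
    require_resumption = True

    def ntransfercmd(self, cmd, rest=None):
        # The plain FTP base class performs PASV/EPSV and sends the command;
        # it returns a connected but still unencrypted data socket.
        conn, size = ftplib.FTP.ntransfercmd(self, cmd, rest)
        if self._prot_p:  # True once prot_p() has sent "PROT P"
            conn = self._secure_data_socket(conn)
        return conn, size

    def _secure_data_socket(self, conn):
        try:
            tls_conn = self.context.wrap_socket(
                conn,
                server_hostname=self.host,
                # The one line stock ftplib lacks: hand over the session that
                # was negotiated (and authenticated) on the control connection.
                session=self.sock.session,
            )
        except Exception:
            conn.close()
            raise
        if self.require_resumption and not tls_conn.session_reused:
            tls_conn.close()
            raise DataSessionNotResumed(
                "data connection was not bound to the control channel's TLS session"
            )
        return tls_conn


def download(host, user, password, remote_path):
    """Fetch one file over explicit FTPS with certificate and hostname checks.

    ftplib's own default context does not verify the server certificate, so a
    verifying context is passed in explicitly.
    """
    buf = io.BytesIO()
    with SessionReusingFTP_TLS(context=ssl.create_default_context()) as ftps:
        ftps.connect(host)
        ftps.login(user, password)  # issues AUTH TLS before USER/PASS
        ftps.prot_p()               # PBSZ 0 + PROT P: encrypt data channel
        ftps.retrbinary("RETR " + remote_path, buf.write)
    return buf.getvalue()
```
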

@PinkDuck
PinkDuck commented Nov 12, 2022

I continue to encounter this problem also with open-source FileZilla Server, latest v1.5.1 (min TLS 1.2)

Below are 3 verbose log captures. 1st from Keepass2Android on local Wi-Fi, 2nd out/back through Internet, 3rd FileZilla Client, which connects fine either way.

The former on DB selection displays "Warning: Server certificate validation failed: RemoteCertificateChainErrors. Install appropriate root certificate on your device or see settings." - despite Applicable Hostnames on Self-Signed cert including local server IP "pinkduck.myddns.me 192.168.1.71".

Keepass2Android log (Android 10 to FileZilla Server 1.5.1, both on local Wi-Fi network)
19/10/2022 14:15:27:991 -- AppSettingsActivity.OnPause 34
19/10/2022 14:15:28:13 -- PasswordActivity.OnStart 33
19/10/2022 14:15:28:15 -- PasswordActivity.OnResume 33
19/10/2022 14:15:28:16 -- DB null 33
19/10/2022 14:15:28:17 -- starting: True, Finishing: False, _performingLoad: False
19/10/2022 14:15:28:18 -- ftp://SETPink+Duck:********:2#192.168.1.71/Passwords/Passwords.kdbx isCached = True
19/10/2022 14:15:28:476 -- AppSettingsActivity.OnStop 34
19/10/2022 14:15:28:479 -- AppSettingsActivity.OnDestroyTrue 34
19/10/2022 14:15:29:158 -- PasswordActivity.OnPause 33
19/10/2022 14:15:29:177 -- SelectCurrentDbActivity 31: OnActivityResult FirstUser/1
19/10/2022 14:15:29:177 -- TryGetFromActivityResult: no data
19/10/2022 14:15:29:192 -- SelectCurrentDbActivity.OnStart 31
19/10/2022 14:15:29:195 -- SelectCurrentDbActivity.OnResume 31
19/10/2022 14:15:29:195 -- DB null 31
19/10/2022 14:15:29:198 -- SelectCurrentDbActivity.OnResume 31
19/10/2022 14:15:29:198 -- DB null 31
19/10/2022 14:15:29:236 -- SelectCurrentDbActivity.OnPause 31
19/10/2022 14:15:29:271 -- FileSelect.OnCreate
19/10/2022 14:15:29:310 -- FileSelect.OnStart
19/10/2022 14:15:29:311 -- FileSelect.OnResume
19/10/2022 14:15:29:334 -- FTP: IocToUri out = ftp://pinkduck.myddns.me/Passwords/Passwords.kdbx
19/10/2022 14:15:29:338 -- FTP: IocToUri out = ftp://192.168.1.71/Passwords/Passwords.kdbx
19/10/2022 14:15:29:390 -- SelectCurrentDbActivity.OnStop 31
19/10/2022 14:15:29:768 -- PasswordActivity.OnStop 33
19/10/2022 14:15:29:769 -- PasswordActivity.OnDestroyTrue 33
19/10/2022 14:15:31:577 -- ftp://SETPink+Duck:********:2#192.168.1.71/Passwords/Passwords.kdbx isCached = True
19/10/2022 14:15:31:606 -- FTP: IocToUri out = ftp://pinkduck.myddns.me/Passwords/Passwords.kdbx
19/10/2022 14:15:31:609 -- FTP: IocToUri out = ftp://192.168.1.71/Passwords/Passwords.kdbx
19/10/2022 14:15:31:612 -- FileSelect.OnPause
19/10/2022 14:15:31:632 -- PasswordActivity.OnCreate 35
19/10/2022 14:15:31:632 -- PasswordActivity:apptask= 35
19/10/2022 14:15:31:687 -- GetIocFromLaunchIntent()
19/10/2022 14:15:31:688 -- no keyprovider specified
19/10/2022 14:15:31:690 -- Reset keyfile
19/10/2022 14:15:31:691 -- FTP: IocToUri out = ftp://192.168.1.71/Passwords/Passwords.kdbx
19/10/2022 14:15:31:697 -- PasswordActivity.OnStart 35
19/10/2022 14:15:31:698 -- PasswordActivity.OnResume 35
19/10/2022 14:15:31:699 -- DB null 35
19/10/2022 14:15:31:699 -- starting: True, Finishing: False, _performingLoad: False
19/10/2022 14:15:31:700 -- ftp://SETPink+Duck:********:2#192.168.1.71/Passwords/Passwords.kdbx isCached = True
19/10/2022 14:15:31:702 -- Pre-loading database file starting
19/10/2022 14:15:31:703 -- ftp://SETPink+Duck:********:2#192.168.1.71/Passwords/Passwords.kdbx isCached = True
19/10/2022 14:15:31:704 -- ftp://SETPink+Duck:********:2#192.168.1.71/Passwords/Passwords.kdbx localVersionHash = E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
19/10/2022 14:15:31:705 -- ftp://SETPink+Duck:********:2#192.168.1.71/Passwords/Passwords.kdbx baseVersionHash = E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
19/10/2022 14:15:31:706 -- CFS: OpenWhenNoLocalChanges
19/10/2022 14:15:31:706 -- CFS: hashing cached version
19/10/2022 14:15:31:707 -- FTP: IocToUri out = ftp://192.168.1.71/Passwords/Passwords.kdbx
19/10/2022 14:15:31:757 -- PasswordModeSpinner item selected: 0
19/10/2022 14:15:31:891 -- found 80 in 81
19/10/2022 14:15:31:893 -- cannot autofill
19/10/2022 14:15:32:174 -- FileSelect.OnStop
19/10/2022 14:15:32:267 -- FileSelect.OnDestroyTrue
19/10/2022 14:15:33:375 -- FTP: IocToUri out = ftp://192.168.1.71/Passwords/Passwords.kdbx
19/10/2022 14:15:34:10 -- CFS: Files in Sync
19/10/2022 14:15:34:15 -- Pre-loading database file completed
19/10/2022 14:15:42:380 -- ftp://SETPink+Duck:********:2#192.168.1.71/Passwords/Passwords.kdbx isCached = True
19/10/2022 14:15:42:382 -- LockingActivity: OnActivityResult
19/10/2022 14:15:42:382 -- PasswordActivity.OnActivityResult 874348/1000
19/10/2022 14:15:42:410 -- status message: Initializing...
19/10/2022 14:15:42:411 -- status submessage:
19/10/2022 14:15:42:445 -- status message: Loading database…
19/10/2022 14:15:42:451 -- System.IO.IOException: The file header is corrupted. Less data than expected could be read from the file.
at KeePassLib.Serialization.BinaryReaderEx.ReadBytes (System.Int32 nCount) [0x0005f] in <1ca3161c0c784589b346af6c48422105>:0
at KeePassLib.Serialization.KdbxFile.LoadHeader (KeePassLib.Serialization.BinaryReaderEx br) [0x0002e] in <1ca3161c0c784589b346af6c48422105>:0
at KeePassLib.Serialization.KdbxFile.Load (System.IO.Stream sSource, KeePassLib.Serialization.KdbxFormat fmt, KeePassLib.Interfaces.IStatusLogger slLogger) [0x00084] in <1ca3161c0c784589b346af6c48422105>:0
at keepass2android.KdbxDatabaseFormat.PopulateDatabaseFromStream (KeePassLib.PwDatabase db, System.IO.Stream s, KeePassLib.Interfaces.IStatusLogger slLogger) [0x00013] in <0218d9a0a246400eb61cf9b0c47299ea>:0
at KeePassLib.PwDatabase.Open (System.IO.Stream s, System.String fileNameWithoutPathAndExt, KeePassLib.Serialization.IOConnectionInfo ioSource, KeePassLib.Keys.CompositeKey pwKey, KeePassLib.Interfaces.IStatusLogger slLogger, KeePassLib.IDatabaseFormat format) [0x000a6] in <1ca3161c0c784589b346af6c48422105>:0
at keepass2android.Database.PopulateDatabaseFromStream (KeePassLib.PwDatabase pwDatabase, System.IO.Stream s, KeePassLib.Serialization.IOConnectionInfo iocInfo, KeePassLib.Keys.CompositeKey compositeKey, keepass2android.ProgressDialogStatusLogger status, KeePassLib.IDatabaseFormat databaseFormat) [0x00013] in <0218d9a0a246400eb61cf9b0c47299ea>:0
at keepass2android.Database.LoadData (keepass2android.IKp2aApp app, KeePassLib.Serialization.IOConnectionInfo iocInfo, System.IO.MemoryStream databaseData, KeePassLib.Keys.CompositeKey compositeKey, keepass2android.ProgressDialogStatusLogger status, KeePassLib.IDatabaseFormat databaseFormat) [0x00033] in <0218d9a0a246400eb61cf9b0c47299ea>:0
at keepass2android.Kp2aApp.LoadDatabase (KeePassLib.Serialization.IOConnectionInfo ioConnectionInfo, System.IO.MemoryStream memoryStream, KeePassLib.Keys.CompositeKey compositeKey, keepass2android.ProgressDialogStatusLogger statusLogger, KeePassLib.IDatabaseFormat databaseFormat, System.Boolean makeCurrent) [0x000b9] in <7165a5adb3574afbabf24b0ad4c46188>:0
at keepass2android.LoadDb.TryLoad (System.IO.MemoryStream databaseStream) [0x00021] in <0218d9a0a246400eb61cf9b0c47299ea>:0
at keepass2android.LoadDb.Run () [0x000c2] in <0218d9a0a246400eb61cf9b0c47299ea>:0
19/10/2022 14:15:42:467 -- OnFinish message: An error occured: The file header is corrupted. Less data than expected could be read from the file.
19/10/2022 14:15:49:793 -- PasswordActivity.OnPause 35
19/10/2022 14:15:50:313 -- PasswordActivity.OnStop 35
19/10/2022 14:16:05:753 -- cannot autofill
19/10/2022 14:17:12:871 -- KeePass.OnCreate 36
19/10/2022 14:17:12:872 -- KeePass:apptask= 36
19/10/2022 14:17:12:873 -- Loaded task keepass2android.NullTask
19/10/2022 14:17:12:873 -- Task in activity KeePass 36 changed to NullTask
19/10/2022 14:17:12:874 -- KeePass.OnCreate
19/10/2022 14:17:12:883 -- KeePass.OnStart 36
19/10/2022 14:17:12:883 -- KeePass.OnStart
19/10/2022 14:17:12:927 -- SelectCurrentDbActivity.OnCreate 37
19/10/2022 14:17:12:928 -- SelectCurrentDbActivity:apptask= 37
19/10/2022 14:17:12:940 -- Loaded task keepass2android.NullTask
19/10/2022 14:17:12:940 -- Task in activity SelectCurrentDbActivity 37 changed to NullTask
19/10/2022 14:17:12:944 -- SelectCurrentDbActivity.OnStart 37
19/10/2022 14:17:12:946 -- SelectCurrentDbActivity.OnResume 37
19/10/2022 14:17:12:946 -- DB null 37
19/10/2022 14:17:12:963 -- SelectCurrentDbActivity.OnPause 37
19/10/2022 14:17:12:985 -- FileSelect.OnCreate
19/10/2022 14:17:13:18 -- FileSelect.OnStart
19/10/2022 14:17:13:35 -- SelectCurrentDbActivity.OnStop 37
19/10/2022 14:17:13:37 -- KeePass.OnStop 36
19/10/2022 14:17:13:37 -- KeePass.OnDestroyTrue
19/10/2022 14:17:13:38 -- KeePass.OnDestroyTrue 36
19/10/2022 14:17:13:79 -- PasswordActivity.OnCreate 38
19/10/2022 14:17:13:79 -- PasswordActivity:apptask= 38
19/10/2022 14:17:13:134 -- GetIocFromLaunchIntent()
19/10/2022 14:17:13:135 -- no keyprovider specified
19/10/2022 14:17:13:137 -- Reset keyfile
19/10/2022 14:17:13:138 -- FTP: IocToUri out = ftp://192.168.1.71/Passwords/Passwords.kdbx
19/10/2022 14:17:13:234 -- PasswordActivity.OnStart 38
19/10/2022 14:17:13:236 -- PasswordActivity.OnResume 38
19/10/2022 14:17:13:236 -- DB null 38
19/10/2022 14:17:13:237 -- starting: True, Finishing: False, _performingLoad: False
19/10/2022 14:17:13:238 -- ftp://SETPink+Duck:********:2#192.168.1.71/Passwords/Passwords.kdbx isCached = True
19/10/2022 14:17:13:242 -- Pre-loading database file starting
19/10/2022 14:17:13:243 -- ftp://SETPink+Duck:********:2#192.168.1.71/Passwords/Passwords.kdbx isCached = True
19/10/2022 14:17:13:244 -- ftp://SETPink+Duck:********:2#192.168.1.71/Passwords/Passwords.kdbx localVersionHash = E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
19/10/2022 14:17:13:244 -- ftp://SETPink+Duck:********:2#192.168.1.71/Passwords/Passwords.kdbx baseVersionHash = E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
19/10/2022 14:17:13:245 -- CFS: OpenWhenNoLocalChanges
19/10/2022 14:17:13:245 -- CFS: hashing cached version
19/10/2022 14:17:13:246 -- FTP: IocToUri out = ftp://192.168.1.71/Passwords/Passwords.kdbx
19/10/2022 14:17:13:501 -- PasswordModeSpinner item selected: 0
19/10/2022 14:17:13:605 -- FTP: IocToUri out = ftp://192.168.1.71/Passwords/Passwords.kdbx
19/10/2022 14:17:13:635 -- found 80 in 81
19/10/2022 14:17:13:637 -- cannot autofill
19/10/2022 14:17:13:836 -- CFS: Files in Sync
19/10/2022 14:17:13:837 -- Pre-loading database file completed
19/10/2022 14:17:13:858 -- FileSelect.OnStop
19/10/2022 14:17:13:947 -- FileSelect.OnDestroyTrue
19/10/2022 14:17:20:528 -- PasswordActivity.OnPause 38
19/10/2022 14:17:20:549 -- AppSettingsActivity.OnCreate 39
19/10/2022 14:17:20:549 -- AppSettingsActivity:apptask= 39
19/10/2022 14:17:20:635 -- AppSettingsActivity.OnStart 39
19/10/2022 14:17:20:636 -- AppSettingsActivity.OnResume 39
19/10/2022 14:17:20:638 -- DB null 39
19/10/2022 14:17:20:995 -- PasswordActivity.OnStop 38
19/10/2022 14:17:24:703 -- AppSettingsActivity.OnPause 39
19/10/2022 14:18:09:982 -- AppSettingsActivity.OnResume 39
19/10/2022 14:18:09:983 -- DB null 39
19/10/2022 14:18:12:961 -- AppSettingsActivity.OnPause 39
19/10/2022 14:18:13:406 -- AppSettingsActivity.OnStop 39

and

Keepass2Android log (Android 10 to FileZilla Server 1.5.1 via cellular network, FZ server open to *)
19/10/2022 14:44:33:558 -- AppSettingsActivity.OnPause 6
19/10/2022 14:44:33:572 -- PasswordActivity.OnStart 5
19/10/2022 14:44:33:575 -- PasswordActivity.OnResume 5
19/10/2022 14:44:33:575 -- DB null 5
19/10/2022 14:44:33:576 -- starting: True, Finishing: False, _performingLoad: False
19/10/2022 14:44:33:577 -- ftp://SETPink+Duck:********:2#pinkduck.myddns.me/Passwords/Passwords.kdbx isCached = True
19/10/2022 14:44:34:19 -- AppSettingsActivity.OnStop 6
19/10/2022 14:44:34:21 -- AppSettingsActivity.OnDestroyTrue 6
19/10/2022 14:44:34:590 -- PasswordActivity.OnPause 5
19/10/2022 14:44:34:604 -- SelectCurrentDbActivity 4: OnActivityResult FirstUser/1
19/10/2022 14:44:34:604 -- TryGetFromActivityResult: no data
19/10/2022 14:44:34:618 -- SelectCurrentDbActivity.OnStart 4
19/10/2022 14:44:34:622 -- SelectCurrentDbActivity.OnResume 4
19/10/2022 14:44:34:623 -- DB null 4
19/10/2022 14:44:34:623 -- SelectCurrentDbActivity.OnResume 4
19/10/2022 14:44:34:624 -- DB null 4
19/10/2022 14:44:34:653 -- SelectCurrentDbActivity.OnPause 4
19/10/2022 14:44:34:689 -- FileSelect.OnCreate
19/10/2022 14:44:34:731 -- FileSelect.OnStart
19/10/2022 14:44:34:732 -- FileSelect.OnResume
19/10/2022 14:44:34:756 -- FTP: IocToUri out = ftp://pinkduck.myddns.me/Passwords/Passwords.kdbx
19/10/2022 14:44:34:760 -- FTP: IocToUri out = ftp://192.168.1.71/Passwords/Passwords.kdbx
19/10/2022 14:44:34:823 -- SelectCurrentDbActivity.OnStop 4
19/10/2022 14:44:35:218 -- PasswordActivity.OnStop 5
19/10/2022 14:44:35:220 -- PasswordActivity.OnDestroyTrue 5
19/10/2022 14:45:19:902 -- ftp://SETPink+Duck:********:2#pinkduck.myddns.me/Passwords/Passwords.kdbx isCached = True
19/10/2022 14:45:19:934 -- FTP: IocToUri out = ftp://pinkduck.myddns.me/Passwords/Passwords.kdbx
19/10/2022 14:45:19:937 -- FTP: IocToUri out = ftp://192.168.1.71/Passwords/Passwords.kdbx
19/10/2022 14:45:19:940 -- FileSelect.OnPause
19/10/2022 14:45:19:960 -- PasswordActivity.OnCreate 7
19/10/2022 14:45:19:960 -- PasswordActivity:apptask= 7
19/10/2022 14:45:20:11 -- GetIocFromLaunchIntent()
19/10/2022 14:45:20:11 -- no keyprovider specified
19/10/2022 14:45:20:13 -- Reset keyfile
19/10/2022 14:45:20:14 -- FTP: IocToUri out = ftp://pinkduck.myddns.me/Passwords/Passwords.kdbx
19/10/2022 14:45:20:19 -- PasswordActivity.OnStart 7
19/10/2022 14:45:20:20 -- PasswordActivity.OnResume 7
19/10/2022 14:45:20:20 -- DB null 7
19/10/2022 14:45:20:21 -- starting: True, Finishing: False, _performingLoad: False
19/10/2022 14:45:20:22 -- ftp://SETPink+Duck:********:2#pinkduck.myddns.me/Passwords/Passwords.kdbx isCached = True
19/10/2022 14:45:20:24 -- Pre-loading database file starting
19/10/2022 14:45:20:25 -- ftp://SETPink+Duck:********:2#pinkduck.myddns.me/Passwords/Passwords.kdbx isCached = True
19/10/2022 14:45:20:26 -- ftp://SETPink+Duck:********:2#pinkduck.myddns.me/Passwords/Passwords.kdbx localVersionHash = E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
19/10/2022 14:45:20:26 -- ftp://SETPink+Duck:********:2#pinkduck.myddns.me/Passwords/Passwords.kdbx baseVersionHash = E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
19/10/2022 14:45:20:27 -- CFS: OpenWhenNoLocalChanges
19/10/2022 14:45:20:27 -- CFS: hashing cached version
19/10/2022 14:45:20:28 -- FTP: IocToUri out = ftp://pinkduck.myddns.me/Passwords/Passwords.kdbx
19/10/2022 14:45:20:75 -- PasswordModeSpinner item selected: 0
19/10/2022 14:45:20:180 -- found 80 in 81
19/10/2022 14:45:20:181 -- cannot autofill
19/10/2022 14:45:20:491 -- FileSelect.OnStop
19/10/2022 14:45:20:551 -- FileSelect.OnDestroyTrue
19/10/2022 14:45:22:152 -- FTP: IocToUri out = ftp://pinkduck.myddns.me/Passwords/Passwords.kdbx
19/10/2022 14:45:22:915 -- CFS: Files in Sync
19/10/2022 14:45:22:921 -- Pre-loading database file completed
19/10/2022 14:46:42:36 -- PasswordActivity.OnPause 7
19/10/2022 14:46:42:53 -- AppSettingsActivity.OnCreate 8
19/10/2022 14:46:42:54 -- AppSettingsActivity:apptask= 8
19/10/2022 14:46:42:141 -- AppSettingsActivity.OnStart 8
19/10/2022 14:46:42:142 -- AppSettingsActivity.OnResume 8
19/10/2022 14:46:42:143 -- DB null 8
19/10/2022 14:46:42:543 -- PasswordActivity.OnStop 7

FileZilla Client’s detailed successful connection log:
14:56:15 Trace: CControlSocket::SendNextCommand()
14:56:15 Trace: CFtpLogonOpData::Send() in state 0
14:56:15 Status: Resolving address of pinkduck.myddns.me
14:56:15 Status: Connecting to 92.13.35.160:21...
14:56:15 Status: Connection established, waiting for welcome message...
14:56:15 Trace: CFtpControlSocket::OnReceive()
14:56:15 Response: 220-FileZilla Server 1.5.1
14:56:15 Response: 220-Please visit https://filezilla-project.org/
14:56:15 Response: 220 Private; for authorised use only.
14:56:15 Trace: CFtpLogonOpData::ParseResponse() in state 1
14:56:15 Trace: CControlSocket::SendNextCommand()
14:56:15 Trace: CFtpLogonOpData::Send() in state 2
14:56:15 Command: AUTH TLS
14:56:15 Trace: CFtpControlSocket::OnReceive()
14:56:15 Response: 234 Using authentication type TLS.
14:56:15 Trace: CFtpLogonOpData::ParseResponse() in state 2
14:56:15 Status: Initializing TLS...
14:56:15 Trace: tls_layer_impl::client_handshake()
14:56:15 Trace: tls_layer_impl::continue_handshake()
14:56:15 Trace: TLS handshakep: About to send CLIENT HELLO
14:56:15 Trace: TLS handshakep: Sent CLIENT HELLO
14:56:15 Trace: tls_layer_impl::on_send()
14:56:15 Trace: tls_layer_impl::continue_handshake()
14:56:15 Trace: tls_layer_impl::on_read()
14:56:15 Trace: tls_layer_impl::continue_handshake()
14:56:15 Trace: tls_layer_impl::on_read()
14:56:15 Trace: tls_layer_impl::continue_handshake()
14:56:15 Trace: TLS handshakep: Received SERVER HELLO
14:56:15 Trace: TLS handshakep: Processed SERVER HELLO
14:56:15 Trace: tls_layer_impl::on_read()
14:56:15 Trace: tls_layer_impl::continue_handshake()
14:56:15 Trace: TLS handshakep: Received ENCRYPTED EXTENSIONS
14:56:15 Trace: TLS handshakep: Processed ENCRYPTED EXTENSIONS
14:56:15 Trace: TLS handshakep: Received CERTIFICATE
14:56:15 Trace: TLS handshakep: Processed CERTIFICATE
14:56:15 Trace: tls_layer_impl::on_read()
14:56:15 Trace: tls_layer_impl::continue_handshake()
14:56:15 Trace: TLS handshakep: Received CERTIFICATE VERIFY
14:56:15 Trace: TLS handshakep: Processed CERTIFICATE VERIFY
14:56:15 Trace: tls_layer_impl::on_read()
14:56:15 Trace: tls_layer_impl::continue_handshake()
14:56:15 Trace: TLS handshakep: Received FINISHED
14:56:15 Trace: TLS handshakep: Processed FINISHED
14:56:15 Trace: TLS handshakep: About to send FINISHED
14:56:15 Trace: TLS handshakep: Sent FINISHED
14:56:15 Trace: TLS Handshake successful
14:56:15 Trace: Protocol: TLS1.3, Key exchange: ECDHE-SECP384R1-ECDSA-SECP256R1-SHA256, Cipher: AES-256-GCM, MAC: AEAD, ALPN: x-filezilla-ftp
14:56:15 Trace: tls_layer_impl::verify_certificate()
14:56:15 Trace: System trust store decision: false
14:56:15 Trace: Sending certificate_verification_event
14:56:15 Trace: CFtpControlSocket::SetAsyncRequestReply
14:56:15 Trace: set_verification_result(true)
14:56:15 Status: TLS connection established.
14:56:15 Trace: CControlSocket::SendNextCommand()
14:56:15 Trace: CFtpLogonOpData::Send() in state 6
14:56:15 Command: USER Pink Duck
14:56:15 Trace: CFtpControlSocket::OnReceive()
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CFtpControlSocket::OnReceive()
14:56:16 Response: 331 Please, specify the password.
14:56:16 Trace: CFtpLogonOpData::ParseResponse() in state 6
14:56:16 Trace: CControlSocket::SendNextCommand()
14:56:16 Trace: CFtpLogonOpData::Send() in state 6
14:56:16 Command: PASS ***********
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CFtpControlSocket::OnReceive()
14:56:16 Response: 230 Login successful.
14:56:16 Trace: CFtpLogonOpData::ParseResponse() in state 6
14:56:16 Trace: CControlSocket::SendNextCommand()
14:56:16 Trace: CFtpLogonOpData::Send() in state 8
14:56:16 Command: FEAT
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CFtpControlSocket::OnReceive()
14:56:16 Response: 211-Features:
14:56:16 Response: MDTM
14:56:16 Response: REST STREAM
14:56:16 Response: SIZE
14:56:16 Response: MLST type*;size*;modify*;perm*;
14:56:16 Response: MLSD
14:56:16 Response: AUTH SSL
14:56:16 Response: AUTH TLS
14:56:16 Response: PROT
14:56:16 Response: PBSZ
14:56:16 Response: UTF8
14:56:16 Response: TVFS
14:56:16 Response: EPSV
14:56:16 Response: EPRT
14:56:16 Response: MFMT
14:56:16 Response: 211 End
14:56:16 Trace: CFtpLogonOpData::ParseResponse() in state 8
14:56:16 Status: Logged in
14:56:16 Trace: Measured latency of 103 ms
14:56:16 Trace: CFtpControlSocket::ResetOperation(0)
14:56:16 Trace: CControlSocket::ResetOperation(0)
14:56:16 Trace: CFtpLogonOpData::Reset(0) in state 15
14:56:16 Trace: CFileZillaEnginePrivate::ResetOperation(0)
14:56:16 Trace: CControlSocket::SendNextCommand()
14:56:16 Trace: CFtpListOpData::Send() in state 0
14:56:16 Status: Retrieving directory listing...
14:56:16 Trace: CFtpChangeDirOpData::Send() in state 0
14:56:16 Trace: CFtpChangeDirOpData::Send() in state 1
14:56:16 Command: PWD
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CFtpControlSocket::OnReceive()
14:56:16 Response: 257 "/" is current directory.
14:56:16 Trace: CFtpChangeDirOpData::ParseResponse() in state 1
14:56:16 Trace: CFtpControlSocket::ResetOperation(0)
14:56:16 Trace: CControlSocket::ResetOperation(0)
14:56:16 Trace: CFtpChangeDirOpData::Reset(0) in state 1
14:56:16 Trace: CFtpListOpData::SubcommandResult(0) in state 1
14:56:16 Trace: CControlSocket::SendNextCommand()
14:56:16 Trace: CFtpListOpData::Send() in state 2
14:56:16 Trace: CFtpRawTransferOpData::Send() in state 0
14:56:16 Trace: CFtpRawTransferOpData::Send() in state 1
14:56:16 Command: TYPE I
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CFtpControlSocket::OnReceive()
14:56:16 Response: 200 Type set to I
14:56:16 Trace: CFtpRawTransferOpData::ParseResponse() in state 1
14:56:16 Trace: CControlSocket::SendNextCommand()
14:56:16 Trace: CFtpRawTransferOpData::Send() in state 2
14:56:16 Command: PASV
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CFtpControlSocket::OnReceive()
14:56:16 Trace: TLS handshakep: Received NEW SESSION TICKET
14:56:16 Trace: TLS handshakep: Processed NEW SESSION TICKET
14:56:16 Trace: gnutls_record_recv returned spurious EAGAIN
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CFtpControlSocket::OnReceive()
14:56:16 Response: 227 Entering Passive Mode (192,168,1,71,7,255)
14:56:16 Trace: CFtpRawTransferOpData::ParseResponse() in state 2
14:56:16 Status: Server sent passive reply with unroutable address. Using server address instead.
14:56:16 Trace: Reply: 192.168.1.71, peer: 92.13.35.160
14:56:16 Trace: CControlSocket::SendNextCommand()
14:56:16 Trace: CFtpRawTransferOpData::Send() in state 4
14:56:16 Trace: Binding data connection source IP to control connection source IP 192.168.100.49
14:56:16 Trace: tls_layer_impl::client_handshake()
14:56:16 Trace: Trying to resume existing TLS session.
14:56:16 Command: MLSD
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CFtpControlSocket::OnReceive()
14:56:16 Response: 150 About to start data transfer.
14:56:16 Trace: CFtpRawTransferOpData::ParseResponse() in state 4
14:56:16 Trace: CControlSocket::SendNextCommand()
14:56:16 Trace: CFtpRawTransferOpData::Send() in state 5
14:56:16 Trace: tls_layer_impl::on_send()
14:56:16 Trace: tls_layer_impl::continue_handshake()
14:56:16 Trace: TLS handshakep: About to send CLIENT HELLO
14:56:16 Trace: TLS handshakep: Sent CLIENT HELLO
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: tls_layer_impl::continue_handshake()
14:56:16 Trace: TLS handshakep: Received SERVER HELLO
14:56:16 Trace: TLS handshakep: Processed SERVER HELLO
14:56:16 Trace: TLS handshakep: Received ENCRYPTED EXTENSIONS
14:56:16 Trace: TLS handshakep: Processed ENCRYPTED EXTENSIONS
14:56:16 Trace: TLS handshakep: Received FINISHED
14:56:16 Trace: TLS handshakep: Processed FINISHED
14:56:16 Trace: TLS handshakep: About to send FINISHED
14:56:16 Trace: TLS handshakep: Sent FINISHED
14:56:16 Trace: TLS Handshake successful
14:56:16 Trace: TLS Session resumed
14:56:16 Trace: Protocol: TLS1.3, Key exchange: unknown, Cipher: AES-256-GCM, MAC: AEAD, ALPN: ftp-data
14:56:16 Trace: tls_layer_impl::verify_certificate()
14:56:16 Trace: set_verification_result(true)
14:56:16 Trace: CTransferSocket::OnConnect
14:56:16 Trace: CTransferSocket::OnReceive(), m_transferMode=0
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CTransferSocket::OnReceive(), m_transferMode=0
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CTransferSocket::OnReceive(), m_transferMode=0
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CTransferSocket::OnReceive(), m_transferMode=0
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CTransferSocket::OnReceive(), m_transferMode=0
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CTransferSocket::OnReceive(), m_transferMode=0
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CTransferSocket::OnReceive(), m_transferMode=0
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CTransferSocket::OnReceive(), m_transferMode=0
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CTransferSocket::OnReceive(), m_transferMode=0
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CTransferSocket::OnReceive(), m_transferMode=0
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CTransferSocket::OnReceive(), m_transferMode=0
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CTransferSocket::OnReceive(), m_transferMode=0
14:56:16 Trace: CTransferSocket::TransferEnd(1)
14:56:16 Trace: tls_layer_impl::shutdown()
14:56:16 Trace: tls_layer_impl::continue_shutdown()
14:56:16 Trace: CFtpControlSocket::TransferEnd()
14:56:16 Trace: tls_layer_impl::on_read()
14:56:16 Trace: CFtpControlSocket::OnReceive()
14:56:16 Response: 226 Operation successful
14:56:16 Trace: CFtpRawTransferOpData::ParseResponse() in state 7
14:56:16 Trace: CFtpControlSocket::ResetOperation(0)
14:56:16 Trace: CControlSocket::ResetOperation(0)
14:56:16 Trace: CFtpRawTransferOpData::Reset(0) in state 7
14:56:16 Trace: CFtpListOpData::SubcommandResult(0) in state 3
14:56:16 Trace: CFtpControlSocket::ResetOperation(0)
14:56:16 Trace: CControlSocket::ResetOperation(0)
14:56:16 Trace: CFtpListOpData::Reset(0) in state 3
14:56:16 Status: Directory listing of "/" successful
14:56:16 Trace: CFileZillaEnginePrivate::ResetOperation(0)

@i3v
i3v commented Apr 28, 2023

Just some related news:

@PinkDuck

FileZilla Server updated to GnuTLS 3.8.0 in v1.6.7 (released 20th Feb 2023), so I'll give that a try shortly to see if it resolves.

@PinkDuck

Unfortunately not:

<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Response] 150 Starting data transfer.
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] tls_layer_impl::on_read()
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] tls_layer_impl::continue_handshake()
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] TLS handshakep: Received CLIENT HELLO
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] TLS handshakep: Processed CLIENT HELLO
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] TLS handshakep: About to send SERVER HELLO
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] TLS handshakep: Sent SERVER HELLO
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] TLS handshakep: About to send CERTIFICATE
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] TLS handshakep: Sent CERTIFICATE
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] TLS handshakep: About to send SERVER KEY EXCHANGE
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] TLS handshakep: Sent SERVER KEY EXCHANGE
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] TLS handshakep: About to send SERVER HELLO DONE
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] TLS handshakep: Sent SERVER HELLO DONE
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] tls_layer_impl::on_read()
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] tls_layer_impl::continue_handshake()
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] TLS handshakep: Received CLIENT KEY EXCHANGE
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] TLS handshakep: Processed CLIENT KEY EXCHANGE
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] TLS handshakep: Received FINISHED
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] TLS handshakep: Processed FINISHED
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] TLS handshakep: About to send NEW SESSION TICKET
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] TLS handshakep: Sent NEW SESSION TICKET
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] TLS handshakep: About to send FINISHED
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] TLS handshakep: Sent FINISHED
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] TLS Handshake successful
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] Protocol: TLS1.2, Key exchange: ECDHE-X25519-ECDSA-SHA512, Cipher: AES-128-GCM, MAC: AEAD, ALPN:
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] session::on_socket_event(): source = data, flag = 2, error = 0, state = 2
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] Client wants a secure data connection.
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] securer(1) ENTERING state = 2
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] securer(1) EXITING state = -1
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] ~securer(1) ENTERING state = -1
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] ~securer(1) EXITING state = -1
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Error] TLS session of data connection not resumed.
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Response] 425 Unable to build data connection: TLS session of data connection not resumed.
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] session::close_data_connection(): prev data_connection_status = 2
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] Removed done events: 0
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 Pink Duck [Trace] Control channel closed with error from source 0. Reason: ECONNABORTED - Connection aborted.
<29-04-2023 10:32:37> FTP Session 3 192.168.1.164 [Trace] Session 0x274c5637030 with ID 3 destroyed.

@i3v
i3v commented Apr 30, 2023

@PinkDuck, my point actually was that (theoretically) it should be easy to patch keepass2android (new FTPClient in particular) to use GnuTlsStream, like suggested in the "FTPS Connection using GnuTLS".

I'm not saying there are no caveats possible, though.
