FTP Plugin 2.43 does not support tls 1.3

Support for Android version of Total Commander

Moderators: white, Hacker, petermad, Stefan2

Post Reply
33kk99
Junior Member
Junior Member
Posts: 18
Joined: 2016-11-14, 05:00 UTC

FTP Plugin 2.43 does not support tls 1.3

Post by *33kk99 »

FTP Plugin 2.43 does not support tls 1.3.
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: FTP Plugin 2.43 does not support tls 1.3

Post by *ghisler(Author) »

Sorry, currently only TLS 1.2 and 1.1 are supported. I don't know whether Android supports TLS 1.3, and from which version.
Author of Total Commander
https://www.ghisler.com
User avatar
chandragor
Member
Member
Posts: 118
Joined: 2005-06-01, 10:10 UTC
Location: Italy

Re: FTP Plugin 2.43 does not support tls 1.3

Post by *chandragor »

From https://developer.android.com/about/versions/10/behavior-changes-all
Android 10 includes the following security changes.

TLS 1.3 enabled by default

In Android 10 and higher, TLS 1.3 is enabled by default for all TLS connections
Happy owner of license #12422 since 1997
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: FTP Plugin 2.43 does not support tls 1.3

Post by *ghisler(Author) »

I have checked this now: TLS 1.3 is not enabled by default when creating an SslSocket. When I enable it manually, I can connect to the server, but I can't transfer any data when SSL session reuse is enabled on the server side (which is unfortunately the default for ProFTPd). Therefore I can't enable TLS 1.3, otherwise you would not get any directory listings and couldn't upload or download anything. This is a problem with the Android SSL stack and can't be changed. I would have to compile and include my own OpenSSL libraries, something no one has done before...
Author of Total Commander
https://www.ghisler.com
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: FTP Plugin 2.43 does not support tls 1.3

Post by *ghisler(Author) »

I have made further tests, and it seems that ProFTPd 1.3.7 and newer support TLS 1.3. Older versions try to use session IDs, which are not supported in TLS 1.3. Instead, TLS 1.3 uses so-called session tickets.

ProFTPd in Fedora Linux 37 is at version 1.3.7 and works with TLS 1.3.
ProFTPd on a Raspberry PI with the default Raspberry OS/Raspbian is at version 1.3.6 (backported patches) and does NOT work with TLS 1.3. You will get an empty directory.

In the latest beta of the plugin, you can now enable TLS 1.3 manually in the connection settings. You will get a warning when a server returns an empty directory.

To get the beta from the Play Store, you can enable beta versions here:
https://play.google.com/apps/testing/com.ghisler.tcplugins.FTP
The beta is also available via our fDroid beta repository:
https://www.ghisler.com/fdroid.htm
Author of Total Commander
https://www.ghisler.com
Post Reply