I am using the Apache Commons FTP library in my Android application.
I am making the connection through FTPS, and although it connects perfectly to the server, I have
The problem in your case is that the Apache FTPSClient doesn't support TLS session resumption and, thus, fails when you try to transfer the file.
When you connect to an FTP server over TLS, the server initiates a secure SSL session with the client on the control connection. The client then enters passive mode by sending a PASV command, and in response the server opens a random unprivileged port and sends the port number to the client. This port represents the data connection. Now, to connect to this new port securely, the client must reuse the existing TLS session that it already has with the server on the control connection.
Why reuse the TLS session?
Not requiring session resumption allows session stealing attacks. The problem with FTP is that the data connection does not authenticate the client.
If the server/client doesn't reuse the existing TLS session, it might have been possible for an attacker to connect to the data port instead and upload malware. So, to protect against such an attack, the FTP server requires the client to reuse the already established session.
In your case, the Apache FTPSClient fails to reuse the session (it's a known issue) and thus the server thinks your client is unauthorized and denies the transfer.
Check out the Wealthfront post on how to patch and a sample implementation.
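
To confirm that missing session reuse is what the server is rejecting, the following added example (not part of the original answer and not the Wealthfront patch) compares the TLS session ID of the control connection with that of each data connection, using only public JSSE APIs. The class name `SessionCheckingFTPSClient` and its methods are hypothetical. It assumes Commons Net 3.1 or later and a TLS 1.2-or-earlier session where resumption is visible as an identical, non-empty session ID.

```java
import java.io.IOException;
import java.net.Socket;
import java.util.Arrays;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.apache.commons.net.ftp.FTPSClient;

/** Hypothetical diagnostic client: reports whether a data connection resumed the control session. */
public class SessionCheckingFTPSClient extends FTPSClient {

    private boolean lastDataSessionReused;

    /** Result for the most recent data connection opened by this client. */
    public boolean wasLastDataSessionReused() {
        return lastDataSessionReused;
    }

    @Override
    protected Socket _openDataConnection_(String command, String arg) throws IOException {
        lastDataSessionReused = false;
        // FTPSClient finishes the TLS handshake on the data socket before returning it.
        // The result is null when the server refuses the transfer command.
        Socket data = super._openDataConnection_(command, arg);
        // _socket_ is the control connection; it is an SSLSocket once TLS is negotiated.
        // The data socket is only an SSLSocket after PROT P (execPROT("P")).
        if (data instanceof SSLSocket && _socket_ instanceof SSLSocket) {
            SSLSession control = ((SSLSocket) _socket_).getSession();
            SSLSession transfer = ((SSLSocket) data).getSession();
            lastDataSessionReused = sameSession(control, transfer);
            System.err.printf("%s: data connection %s the control TLS session%n",
                    command, lastDataSessionReused ? "resumed" : "did NOT resume");
        }
        return data;
    }

    /** True only when both sessions carry the same non-empty session ID. */
    static boolean sameSession(SSLSession control, SSLSession transfer) {
        byte[] controlId = control.getId();
        byte[] transferId = transfer.getId();
        // An empty ID (for example with ticket-based resumption) proves nothing,
        // so it is reported as "not reused" rather than guessed at.
        return controlId.length > 0 && Arrays.equals(controlId, transferId);
    }
}
```

If `wasLastDataSessionReused()` returns false right before the server refuses the transfer, the diagnosis above applies; a server that enforces reuse is behaving correctly, so the fix belongs on the client side.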