TLS Timeout on LIST/Insecure Data connection #252
Comments
|
I had the same issue, I fixed it using the comments in #59 concerning the pasv_url |
Unfortunately I bumped into that one already and am already using that method:
I've also tried passing the server's URL directly into the pasv_url area. I would imagine non-TLS would also have some issues if this were messed up, but only TLS is having the issues. I also have the ports forwarded properly for the pasv port range, and that works fine for non-TLS connections. |
|
Hey all, I was AFK last week, but just letting you know I have eyes on this and hopefully, we can start working towards a solution. I'll have a more detailed response in the next couple of days. |
matt-forster
added
the
bug
|
You may not be having the same issue as I was, but I'll note it here in case it helps. First let me state, I still get the That said, I found after switching to explicit that the tls handshake was failing. For me, this was because I was using an |
|
There is more to this one. It seems the underlying cause of the timeouts (based on similar issues reported in various other FTP projects) is the lack of session resumption. It may be different based on client, but I did get confirmation from a Filezilla team member that the only method of session resumption they support is that laid out in the TLS 1.3 specification, which is in-band PSK based resumption. Unfortunately it appears that this is not supported in Node.js at all at this point. Compounding the issue the related docs are completely out of line with the TLS 1.3 specification. For me this led to many days of digging before I realized that the docs are straight up inaccurate. So, as of now (unless I'm missing something and this is simply a documentation issue) it appears that this issue cannot be addressed until support for PSK based session resumption is added to Node. Please add your voice to this issue in Node coreI've created an issue for that but any support voiced there would be appreciated as it doesn't seem session resumption is something too many folks care about with HTTP, but it seems much more necessary for FTPS. |
|
Wow, great exploration there - thank you so much for the info! |
|
I'm experiencing this issue as well only in my case, the premise differs. I keep getting the error below when running the server in a docker container even without TLS enabled.
I have tried everything on this page, but none of them works. |
|
@mcfriend99 If the issue you are having is not TLS related - then we may want to create a separate bug report, or even a question in the discussions to get to the bottom of it - your handler may just not be returning correctly? |
|
@matt-forster As for me, the way to solve this problem was to allow my firewall to accept a connection from my ftp client (in my case CyberDuck) |
Have been trying to trace down why this issue keeps occurring, but so far I cannot. I have configured ftp-srv (running in Node due to custom project with a custom Filesystem override for virtual FS - that all works fine so far).
However, for TLS connections I get the following error when using Cyberduck:
"directive":"LIST","level":50,"err":{"message":"operation timed out","name":"TimeoutError","stack":"TimeoutError: operation timed out
If I connect using FileZilla, I get the error that "This server does not support session resumption on the data connection."
This is my constructor for the FileSystem override if it helps:
The Account type is a user account. The connection is passed in from callback function args on ftpServer.on('login') out of the data object as describe in the docs. Any ideas what could be going wrong here, as this is the only issue I currently have preventing things from being completely smooth!
Good job on this project btw. :)
The text was updated successfully, but these errors were encountered: