I use FileZilla as my primary ftp client to transfer files to/from my box.com account, and have been doing so (successfully) for years. FileZilla fully support TLS 1.2, and all modern ssh protocols.
However, with the last recent builds of FileZilla (3.53.0 currently), connections to box.com (using implicit FTP over TLS) cause FileZilla to throw an error - complaining that box.com (as the server)
"This server does not support TLS session resumption on the data connection."
I posted a query on the FileZilla support forum, since I hadn't seen this error before. I pointed out that a somewhat earlier version of FileZilla connected with box.com, with no reported errors. I had assumed (and suggested) that the problem might have emerged with the latest point update to FileZilla. To which they replied:
"Wrong. The problem is always there, it just happens that FileZilla 3.53.0 is the first version to actually report it. In other words: The connection was always less-than-secure, you just were unaware of it.
The issue must be solved by box.com (by finally supporting that important security feature)."
So, in other words, the FileZilla folks suggest that Box.com needs to implement TLS session resumption on the data connection. [I heard directly from one of them that DropBox has TLS session resumption, and were suprised Box.com didn't.]
Any thoughts? Comments? Presumably, anyone using most recent version of FZ to connect to box.com is running into the same thing.
Please sign in to leave a comment.