search

wa2c / cifs-documents-provider

CIFS Documents Provider
MIT License
232 stars 25 forks source link

TLS Required? #67

Closed RebelliousX closed 4 months ago

RebelliousX commented 5 months ago

FTP works great, no issues really besides it is a little slow (unexpectedly compared to SMB) even when doing FTP within a LAN. (It seems Random File Access is slow for FTP). But I am okay with this.

This is not an issue per se, so even if it was deemed as no fix, it is okay. It is just to bring this to your attention.

I have TrueNAS server, and setup FTP service. By default in TrueNAS FTP settings, there is a setting called TLS Policy, by default, this settings is set to On.

TLS Policies

And when it is set to On or anything except Off and Auth. Cifs Document Provider fails to list any files and directories.

This is not a major issue, I personally set it to Auth so the requirement for TLS encryption happens during authentication only. But I thought that might be cool if it is also enforced while doing data transfer too.

Here is more information about TLS Required command: http://www.proftpd.org/docs/contrib/mod_tls.html#TLSRequired

This setting according to proftpd should be Off by default. But somehow TrueNAS has it On.

If I set it to On, I used FileZilla on my PC and it is able to see the files and directories, File Manager + android app is able to see them too.

I want to thank you @wa2c for implementing FTP/FTPS support. What a wonderful developer 🙂 This is wonderful, now I can access my NAS even when I am not home. Heck, I can play PS2 and PSP games on the go too 👍🏻

wa2c commented 4 months ago

I can't find a way to fix this problem in code. But I found that by changing the following check on in TrueNAS, the files are visible

Services > FTP > General Options > ADVANCED OPTIONS > TLS No Session Reuse Required

image

However, this settings help reads as follows...

Setting this option reduces the security of the connection, so only use it if the client does not understand reused SSL sessions.

wa2c commented 4 months ago

It seems to SSL/TLS session reusing is not supported now.

[NET-408] problem connecting to ProFTPD with FTPES - ASF JIRA

wa2c commented 4 months ago

@RebelliousX Please hold off on this problem until Apache Commons supports session reuse.

RebelliousX commented 4 months ago

@wa2c Thank you very much for your work, I really appreciate it. TLS No Session Reuse fixes the problem for now. I am okay with this.

Edit: I don't think Apache is really keen on fixing this, the issue you mentioned has been opened since 2011, although it seems it attracted recent updates (December 2023).