vsftpd - Faulty file transfer with TLSv1.3 & AES128
 

Hello everyone,

I have an issue with vsftpd and TLSv1.3, affecting both vsftpd-3.0.3 and vsftpd-3.0.5. I can easily establish a connection and transfer files over TLSv1.3 with TLS_AES_256_GCM_SHA384 using gFTP and lftp. The same applies to TLSv1.2 with ECDHE-RSA-AES256-GCM-SHA384.

However, the problem arises as my Android smartphones or apps establish the connection (when configured to TLSv1.3) only with TLS_AES_128_GCM_SHA256. Although they can successfully log in to the server, it is not possible to transfer files completely. In particular, images are only partially transferred, displaying only parts of the image.

This issue affects all tested Android FTP clients, and I've tested it on both a Samsung M52 (Android 13) and a Xiaomi 9T Pro (LineageOS 20). The server is running on Debian Bookworm.

Does anyone know exactly where the problem lies?

Exactly? No.

However, there are quality SFTP clients for the platforms you list. What about your work flow seems to indicate a need for deprecated FTP/FTPS instead of SFTP? That is the big question in 2023, almost 2024.

While there are a few edge cases where FTP/FTPS might make sense, they are very rare nowadays.

I can't really pinpoint what was up with vsftpd. The issue only caught my attention when I activated TLSv1.3. I asked around in a bunch of forums, but no one could really tell me what was off with vsftpd. This morning, I uninstalled vsftpd and installed proFTPd. And guess what, it's working perfectly now. TLSv1.3 - TLS_AES_256_GCM_SHA384 (256 bits) is running as the standard on all devices. :)