The behavior lanopk reported we have classified as a bug in FileZilla behavior. We most likely add a workaround in one of our next releases.
1) FTP control connection - Rebex client sends ClientHello with pskkeyexchangemodes extension and advertises that supports both pskke, pskdheke.
From our point of view, this behavior strictly conforms to TLS 1.3 specification.
" The semantics of this extension are that the client only supports the use of PSKs with these modes, which restricts both the use of PSKs offered in this ClientHello and those which the server might supply via NewSessionTicket.“
See details here.
2) The handshake is completed, but the FileZilla server does not send NewSessionTicket.
3) FTP data connection requires that the client uses (New)SessionTicket from the FTP control connection. But we don't have any session tickets. TLS handshake for data connection is completed, but communication fails with ". "TLS session of data connection not resumed" exception.
The workaround is simple - we are sending
psk_dhe_ke mode only in the
psk_key_exchange_modes extension and then FileZilla provides NewSessionTicket that we can use when securing FTP data connection.