FTP在celluar數據上顯式失敗

Question

此問題是this original question的後續。在用FTP隱含了一段時間後，我再次決定研究這個問題。這一次，我用純java（非android）編寫了一個簡單的FTP客戶端，並在我通過手機的熱點連接到互聯網時分析了SSL/TLS調試消息。

問題發生在ClientHello發送後的TLS握手過程中。 FTP方式，這對應於AUTH TLS被服務器成功接受之後。失敗的交換表示如下：

*** ClientHello, TLSv1.2 
RandomCookie: GMT: 1416712655 bytes = { <binary data> } 
Session ID: {} 
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA] 
Compression Methods: { 0 } 
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} 
Extension ec_point_formats, formats: [uncompressed] 
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA 
Extension server_name, server_name: [type=host_name (0), value=<server>] 
Extension renegotiation_info, renegotiated_connection: <empty> 
*** 
main, WRITE: TLSv1.2 Handshake, length = 188 
main, handling exception: java.net.SocketTimeoutException: Read timed out 
Exception in thread "main" java.net.SocketTimeoutException: Read timed out 
    at java.net.SocketInputStream.socketRead0(Native Method) 
    at java.net.SocketInputStream.read(SocketInputStream.java:150) 
    at java.net.SocketInputStream.read(SocketInputStream.java:121) 
    at sun.security.ssl.InputRecord.readFully(InputRecord.java:465) 
main, called close() 

作爲參考，一個成功的交換包含如下：

*** ClientHello, TLSv1.2 
RandomCookie: GMT: 1416713014 bytes = { <binary data> } 
Session ID: {} 
Cipher Suites: [TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA] 
Compression Methods: { 0 } 
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} 
Extension ec_point_formats, formats: [uncompressed] 
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA 
Extension server_name, server_name: [type=host_name (0), value=<server>] 
Extension renegotiation_info, renegotiated_connection: <empty> 
*** 
main, WRITE: TLSv1.2 Handshake, length = 188 
main, READ: TLSv1.2 Handshake, length = 81 
*** ServerHello, TLSv1.2 
RandomCookie: GMT: 142326665 bytes = { <binary data> } 
Session ID: { <session id data> } 
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 
Compression Method: 0 
Extension renegotiation_info, renegotiated_connection: <empty> 
*** 

我使用TLSv1.2工作，TLSv1.1和使用TLSv1嘗試和所有導致相同的結果，套接字超時和服務器關閉連接。 FTP服務器（FileZilla Server 0.9.48 beta）沒有提供詳細的問題日誌。

任何關於這個問題的見解將不勝感激。

Answer 1

我會建議您的提供商的流量「優化」導致問題。對流量進行「優化」的深度數據包檢測對蜂窩網絡來說非常普遍，通常用於改善流量，有時也用於阻止不必要的流量。

這是如何與您的問題相關的： 在蜂窩網絡中通常需要NAT，也就是說您不會獲得公共IP地址。但是，至少FTP中的主動模式需要一個公共IP，因此使用幫助程序來轉換IP控制和端口以用於FTP控制連接中的PORT/EPRT命令並不少見。這些幫助程序無法使用加密連接，這意味着它們可能會故意阻止這些連接，或者可能會因意外阻止它們，因爲它們不再理解流量。