In FTP protocol, data connection does not directly authenticate the client.
Client uses control connection to authenticate, then it establishes data connection using PASV command followed by the STOR (upload) or RETR (download) command.
The server opens a port and waits for the client to connect to it and upload/download files.
An attacker could figure out the port the server listens to, connect to it before the client, and upload a piece of malware.
TLS session resumption prevents this. It acts as a form of authentication. If the TLS session of the data connection matches the session of the control connection, both the client and the server have the guarantee, that the data connection is genuine. Any mismatch in sessions indicates a potential attack.
Ftp.dll uses .NET's SslStream and it supports session resumption.
- Make sure you are using TLS 1.2,
- Make sure you are using the latest Ftp.dll and OS versions,
- If it was one time thing ignore it
- Usually servers allow disabling TLS session resumption - but this is not recommended.
[Edit]
It looks like one of the recent windows update disabled/broke session resumption/session tickets.
The offending update is KB4517389 (uninstalling it resolves this issue):
https://support.microsoft.com/en-us/help/4517389/windows-10-update-kb4517389
[Edit #2]
More details can be found in this article:
https://www.limilabs.com/blog/ftp-tls-encrypted-data-connections-fail-ems