At the recent Macworld Expo in January we introduced Fetch 5.2, which adds FTP with TLS/SSL (FTPS) support, and Apple introduced its new Airport Extreme Base Station (AEBS) with 802.11n support. Unfortunately, a bug in the AEBS keeps it from working with Fetch’s new TLS/SSL feature. Our research has determined that it is not possible for Fetch (or any other secure FTP client) to make FTP with TLS/SSL connections through the new AEBS.
We have reported the bug to Apple, and the Airport engineers are aware of it, but they have not given us a date when it will be fixed. In the meantime affected customers may want to use SFTP instead of FTP with TLS/SSL (if the server supports SFTP), turn off the “distribute addresses” feature of their Airport Extreme Base Station (if there is only one computer on the local network, or if there is another device that can distribute addresses), or switch to a different wireless base station. The previous, flying-saucer-shaped Airport Extreme Base Stations did not have this problem.
The bug appears to be in the base station’s FTP inspection code. When the base station is in Network Address Translation (NAT) mode, distributing private IP addresses to computers on the local network, it has to listen in on FTP sessions in order to translate between private and public addresses. When an FTP client tries to use TLS/SSL encryption (also known as FTPS, AUTH TLS, or FTP with Explicit SSL), the AEBS simply drops the connection. This bug affects any FTP client making TLS/SSL connections to a server on port 21 (it does not affect the less common port 990 connections, sometimes called FTP with Implicit SSL, or SSL connect, because the base station does not inspect that traffic).
Update: The bug discussed above was present in firmware versions 7.0 to 7.1.1. On August 29, 2007, Apple released version 7.2.1 of the Airport Extreme Base Station with 802.11n firmware, which fixes this problem.