Article delegate-en/3659 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Delegate with SSL Wrapper for FTPs .. implicit / explicit
17 Mar 2007 13:30:11 GMT "Thomas Heidkamp" <pjmhabdyi-hhkpuksjzulr.ml@ml.delegate.org>



Hello,
I would like to know if delegate supports both versions of the FTP SSL
implementation.

Most modern FTP servers (like proftpd) only support the explicit
implementation for SSL. 
So most of the modern ftp clients (from command line) only support the
explicit version.

In your docu for SSL you write for the sslway ftps (like I use it at this
time)

/usr/local/delegate/src/delegated STLS="fcl:ftps" -P21,990 SERVER=ftps
MOUNT="/* ftps://x.x.x.x/*" RELIABLE="y.y.y.y"
LIBPATH=/usr/local/delegate/lib

OK, so this version is for implicit implementation, where the data port 990
is also used and encrypted.

But in explicit implementation .. only one port (like 21) is used for AUTH
and also for data.

I have tested the delegate.. and I am only able to connect in implicit mode.



From the proftpd website:

Question: How come mod_tls does not support "implicit" FTPS (i.e.
automatically encrypting sessions on port 990)?
Answer: The short answer is because the Draft no longer specifies support
for such a mode. Here is a description of why the alternatives to the
current mode (client-requested encryption using standard control channel)
are "bad".





Implicit FTPS and Explicit FTPS
  

Before the FTPS Internet Draft was published a somewhat abortive attempt at
offering a secure version of FTP was made.  This is now referred to as
implicit FTPS.  It is a very simplistic technique which involves using
standard secure TLS sockets in place of plain sockets at all points.  Since
standard TLS sockets require an exchange of security data immediately upon
connection, it is not possible to offer standard FTP and implicit FTPS on
the same port.  For this reason another port needs to be opened - usually
port 990. 

Implicit FTPS is in the process of being phased out in favour of FTPS as
described in the Internet Draft.  This newer variant of FTPS is now referred
to as explicit FTPS.  It has some substantial advantages over implicit
FTPS:

   1. It is a standard extension of FTP and is therefore supported by most
      FTP servers.
   2. It uses standard FTP ports meaning that there is no need to open
      additional ports in firewalls when upgrading from FTP to FTPS.
   3. It is more flexible in that it allows security to be turned off and on
      in a single session.
   4. It is compatible with the RFC2228 standard.
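
The difference between the two modes, as an added example that is not part of the original post and is not DeleGate or proftpd code: a Python sketch that classifies a captured FTP control connection as implicit FTPS (the client starts TLS at once), explicit FTPS (AUTH TLS answered with 234), a refused upgrade, or plain FTP. The function names and sample byte strings are constructed for illustration, and it assumes each command sent before AUTH gets exactly one final reply.

```python
def final_reply_codes(server_bytes: bytes) -> list:
    """Final reply codes sent by the server, stopping at the first non-FTP line."""
    codes, pending = [], None
    for line in server_bytes.split(b"\r\n"):
        if pending is not None:
            # Inside a multi-line reply ("211-..."): wait for the closing "211 ".
            if line[:4] == pending + b" ":
                codes.append(int(pending))
                pending = None
            continue
        if len(line) >= 4 and line[:3].isdigit() and line[3:4] == b"-":
            pending = line[:3]
        elif len(line) >= 4 and line[:3].isdigit() and line[3:4] == b" ":
            codes.append(int(line[:3]))
        else:
            break  # e.g. TLS records that follow a 234 reply
    return codes


def classify_ftps(client_bytes: bytes, server_bytes: bytes) -> str:
    """Return 'implicit', 'explicit', 'explicit-refused' or 'plain'."""
    # Implicit mode: the first client bytes are a TLS handshake record
    # (content type 0x16, protocol major version 0x03), not an FTP command.
    if client_bytes[:2] == b"\x16\x03":
        return "implicit"
    codes = final_reply_codes(server_bytes)
    for i, line in enumerate(client_bytes.split(b"\r\n")):
        words = line.upper().split()
        if words[:2] == [b"AUTH", b"TLS"]:  # only the "TLS" mechanism is handled here
            # codes[0] is the greeting, so command number i is answered by codes[i + 1].
            reply = codes[i + 1] if i + 1 < len(codes) else None
            return "explicit" if reply == 234 else "explicit-refused"
    return "plain"


# Constructed sample captures (start of each direction of one control connection).
EXPLICIT_CLIENT = b"FEAT\r\nAUTH TLS\r\n\x16\x03\x01\x00\x05hello"
EXPLICIT_SERVER = (b"220 FTP ready\r\n211-Features:\r\n AUTH TLS\r\n211 End\r\n"
                   b"234 AUTH TLS successful\r\n\x16\x03\x03\x00\x05hello")
REFUSED_CLIENT = b"AUTH TLS\r\n"
REFUSED_SERVER = b"220 FTP ready\r\n500 AUTH not understood\r\n"
IMPLICIT_CLIENT = b"\x16\x03\x01\x00\x05hello"
PLAIN_CLIENT = b"USER anonymous\r\nPASS guest\r\n"
PLAIN_SERVER = b"220 FTP ready\r\n331 Password required\r\n230 Logged in\r\n"

if __name__ == "__main__":
    print(classify_ftps(EXPLICIT_CLIENT, EXPLICIT_SERVER))
    print(classify_ftps(IMPLICIT_CLIENT, b""))
```

A 'plain' or 'explicit-refused' result on a link that is expected to be encrypted means credentials and commands crossed it in clear text.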