Old 08-04-2003, 07:10 AM   #1
Junior Member
Join Date: Aug 2003
Posts: 1
SSL/TLS and PROT command suggestion

When an explicit TLS session is started, the negotiation goes fine. Your
client properly sends "AUTH TLS", the encryption layer is turned on on the
connection socket, then "PBSZ" is sent. All is ok.

The problem comes when the server is configured to use SSL/TLS on the
connection socket, but the data socket is intentionally left unencrypted.

Your client sends the "PROT" command to ask for possible SSL/TLS encryption
on the data socket. Then, if the server replies with a 200 error code
everything goes on with SSL/TLS.

But the server can also reply with a 534 error code which according to RFC
means "I don't want _this_ protocol on the data socket".

When your client gets that 534 error code, it immediately ends the session.

Maybe it would be nicer in this case to retry with "PROT C" to fall back to

Your software wouldn't break with servers that only want the connection
channel encrypted.

Sure, there is an option in your software to explicitly have a clear data
connection. But this is rather confusing for end users. An automatic
fallback would be more convenient.

Please let me know if this issue is addressed in a newer release so that
the part about your product in the TLS documentation of Pure-FTPd can be
updated on http://www.pureftpd.org/README.TLS
axey is offline  
Old 08-04-2003, 11:32 PM   #2
FlashFXP Developer
FlashFXP Administrator
ioFTPD Beta Tester
Join Date: Oct 2001
Posts: 8,012

I think to automatically fall back to a clear data connection might be considered a security risk.
bigstar is offline  
Old 08-05-2003, 12:56 PM   #3
Join Date: Oct 2001
Location: New Mexico, USA
Posts: 1,070

I'm with bigstar on this one.
Linkster is offline  
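
The trade-off discussed in this thread, as an added example that is not from any of the posters, FlashFXP or Pure-FTPd: a client-side negotiation that retries with "PROT C" after a 534 only when the user has opted in, and otherwise stops before any data connection is opened. The `send` callback, the `allow_clear_fallback` flag and the scripted replies are assumptions made for the illustration.

```python
class DataProtectionRefused(Exception):
    """PROT negotiation failed, or ended in a state the policy forbids."""

def negotiate_data_protection(send, allow_clear_fallback=False):
    """Run PBSZ/PROT on a control channel already secured by AUTH TLS.

    send(cmd) -> (code, text) is a hypothetical transport callback.
    Returns "P" (encrypted data channel) or "C" (cleartext data channel).
    """
    code, text = send("PBSZ 0")
    if code != 200:
        raise DataProtectionRefused(f"PBSZ rejected: {code} {text}")
    code, text = send("PROT P")
    if code == 200:
        return "P"
    if code != 534:
        raise DataProtectionRefused(f"PROT P failed: {code} {text}")
    # 534: the server will not protect the data channel. Downgrading is a
    # policy decision, so it happens only on explicit opt-in.
    if not allow_clear_fallback:
        raise DataProtectionRefused("PROT P refused (534); cleartext data not allowed")
    code, text = send("PROT C")
    if code != 200:
        raise DataProtectionRefused(f"PROT C failed: {code} {text}")
    return "C"

def scripted_server(replies):
    """Constructed stand-in for a server: maps each command to a fixed reply."""
    sent = []
    def send(cmd):
        sent.append(cmd)
        return replies[cmd]
    return send, sent


# Constructed replies; the reply texts are illustrative, not captured from a server.
CONTROL_ONLY = {"PBSZ 0": (200, "PBSZ=0"), "PROT P": (534, "refused"), "PROT C": (200, "OK")}
FULL_TLS = {"PBSZ 0": (200, "PBSZ=0"), "PROT P": (200, "OK")}

if __name__ == "__main__":
    for name, replies in (("full TLS", FULL_TLS), ("control only", CONTROL_ONLY)):
        for opt_in in (False, True):
            send, sent = scripted_server(replies)
            try:
                level = negotiate_data_protection(send, allow_clear_fallback=opt_in)
            except DataProtectionRefused as exc:
                level = f"aborted ({exc})"
            print(f"{name}, opt_in={opt_in}: {level}; sent {sent}")
```

With the default policy the control-only server causes an abort and "PROT C" is never sent; the downgrade happens only when the caller passes `allow_clear_fallback=True`.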
