07-04-2002, 11:23 AM
Screami
[SSL] command order, PROT issue

Hi all,

I am not sure if this is considered a bug. rfc2228 says command order should not play any role and "clients SHOULD be coded in such a manner as to allow the timing of the AUTH, PBSZ and PROT commands to be flexible and dictated by the server".

Since I use an open source ftp server, changing the source to accept ffxp's order is not a big deal, but probably you could make this point (PBSZ/PROT, USER/PASS order) configurable in some way?!
E.g. bsdftpd-ssl usually replies to a PBSZ/PROT before USER/PASS with "503 Use AUTH command first." One could even use that reply to auto-sense the behaviour of ffxp, but I am not sure about other ftp server replies, so it's probably not that easy. Some sort of checkbox in SSL options would do fine for me, too...


Another point I consider a bug is: AUTH SSL should not issue a PROT command, since ftp-data is protected anyway by the implicit nature of the AUTH SSL mode. Even if the checkbox "encrypted data" is checked, ffxp should not send PROT.
Of course it's just a cosmetic issue having "PROT command only allowed in TLS mode" in the logs, but if ffxp claims to be rfc2228 compliant, it should not do that, I think.


-screami
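Added example, not part of the original post and not code from ffxp or bsdftpd-ssl: a client-side login routine that uses the 503 reply quoted above to auto-sense whether PBSZ/PROT must follow USER/PASS, skips PROT after AUTH SSL as the post proposes, and fails closed if protection is refused. `secure_login`, `FakeServer` and the `send` transport are hypothetical names, and the TLS handshake that follows the 234 reply is omitted.

```python
from typing import Callable, List

Send = Callable[[str], str]  # hypothetical transport: send one command, return the reply line


def secure_login(send: Send, auth_mode: str, user: str, password: str) -> List[str]:
    """Log in over FTP-TLS, letting the server dictate PBSZ/PROT timing.

    Returns the commands sent (password redacted). Raises on any refusal.
    """
    sent: List[str] = []

    def cmd(line: str, ok: tuple) -> str:
        sent.append("PASS ****" if line.startswith("PASS ") else line)
        reply = send(line)
        if not reply.startswith(ok):
            raise RuntimeError(f"{line.split()[0]} refused: {reply}")
        return reply

    cmd(f"AUTH {auth_mode}", ("234",))
    # The post's second point: after AUTH SSL, do not send PROT at all.
    need_prot = auth_mode.upper() != "SSL"

    def protect(allow_defer: bool) -> bool:
        ok = ("200", "503") if allow_defer else ("200",)
        if cmd("PBSZ 0", ok).startswith("503"):
            return False            # server wants USER/PASS first; retry later
        cmd("PROT P", ("200",))
        return True

    done = protect(allow_defer=True) if need_prot else True
    if cmd(f"USER {user}", ("331", "230")).startswith("331"):
        cmd(f"PASS {password}", ("230",))
    if not done:
        protect(allow_defer=False)  # must succeed now, or no data transfer
    return sent


class FakeServer:
    """Constructed stub; the 503 text is the reply quoted in the post."""
    def __init__(self, prot_needs_login: bool):
        self.prot_needs_login, self.logged_in = prot_needs_login, False

    def __call__(self, line: str) -> str:
        verb = line.split()[0]
        if verb in ("PBSZ", "PROT") and self.prot_needs_login and not self.logged_in:
            return "503 Use AUTH command first."
        if verb == "PASS":
            self.logged_in = True
        return {"AUTH": "234 ok", "USER": "331 need password", "PASS": "230 logged in"}.get(verb, "200 ok")
```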