Go Back   FlashFXP Forums > > > >

Suggestions Post suggestions for upcoming versions

 
 
Thread Tools Display Modes
Old 08-04-2003, 07:10 AM   #1
axey
Junior Member
 
Join Date: Aug 2003
Posts: 1
Smile SSL/TLS and PROT command suggestion

When an explicit TLS session is started, the negociation goes fine. Your
client properly sends "AUTH TLS", the encryption layer is turned on on the
connection socket, then "PBSZ" is sent. All is ok.

The problem comes when the server is configured to use SSL/TLS on the
connection socket, but the data socket is intentionnaly left unencrypted.

Your client sends the "PROT" command to ask for possible SSL/TLS encryption
on the data socket. Then, if the server replies with a 200 error code
everything goes on with SSL/TLS.

But the server can also reply with a 534 error code which according to RFC
means "I don't want _this_ protocol on the data socket".

When your client get that 534 error code, it immediately ends the session.

Maybe it would be nicer in this case to retry with "PROT C" to fallback to
cleartext.

Your software wouldn't break with servers that only want the connection
channel encrypted.

Sure, there is an option in your software to explicitely have a clear data
connection. But this is rather confusing for end users. An automatic
fallback would be more convenient.

Please let me know if this issue is addressed in a newer release so that
the part about your product in the TLS documentation of Pure-FTPd can be
updated on http://www.pureftpd.org/README.TLS
axey is offline  
Old 08-04-2003, 11:32 PM   #2
bigstar
FlashFXP Developer
FlashFXP Administrator
ioFTPD Beta Tester
 
bigstar's Avatar
 
Join Date: Oct 2001
Posts: 8,012
Default

I think to automatically fall back to a clear data connection might be considered a security risk.
bigstar is offline  
Old 08-05-2003, 12:56 PM   #3
Linkster
Moderator
Administrator
 
Join Date: Oct 2001
Location: New Mexico, USA
Posts: 1,070
Default

I'm with bigstar on this one.
Linkster is offline  
 

Tags
code, connection, data, socket, ssl/tls

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 12:30 PM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)