curl-library

Re: FTPS status report

From: Daniel Stenberg <daniel-curl_at_haxx.se>
Date: Sat, 22 Nov 2003 22:35:47 +0100 (CET)

On Fri, 21 Nov 2003, Dan Fandrich wrote:

> > I don't think so. Since 7.10.8 assumes that the data connection will be
> > setup unencrypted, while at least the server I've worked against now
> > assumes the data connection encrypted when the initial connection is made
> > using SSL.
>
> This sounds like the "SSL connect" behaviour. Servers implementing the
> AUTH SSL or AUTH TLS behaviour assume the initial connection will be done
> without SSL.

Yes, but the question is what the "SSL connect" servers assume the data
connection to be: with or without SSL.

> What I get out of reading that web page is that servers will always connect
> without SSL on port 21 and use an AUTH SSL or AUTH TLS to negotiate SSL, and
> servers will always connect with SSL on port 990, without using any AUTH
> command.

Right, that's how the upcoming ftps support will work. If ftps:// is used,
libcurl will attempt to connect using SSL right away.

> > All ftps:// URLs will use SSL automatically for both connections. I haven't
> > yet set a default port number for ftps:// urls. Is 990 the one to use?
>
> I thought this was the behaviour in 7.10.8. Are you saying the new ftps
> implementation will not be using either of the AUTH commands to negotiate
> SSL?

I'm not saying that. I'm saying that the new implementation supports two
approaches:

1. ftps:// which uses SSL on the control connection right away, and that
   assumes the data connection to use SSL too

2. ftp:// with the proper option set, which will try to "upgrade" the
   control connection to use SSL (using 'AUTH TLS') and then it'll attempt to
   upgrade the data connection as well.

The curl 7.10.8 behavior is different than these:

3. ftps:// which uses SSL on the control connection right away, and that
   assumes the data connection *DOES NOT* use SSL.

-- 
    Daniel Stenberg -- http://curl.haxx.se/ -- http://daniel.haxx.se/
 [[ Do not post private mails to this email address. They won't reach me. ]]
Received on 2003-11-22
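
Approach 2 in the mail above only tries to upgrade the port-21 control connection, so a capture of that connection shows whether the AUTH request succeeded before any login was sent. The check below is an added example, not part of the original mail and not libcurl code; the `(direction, text)` record format, the function name and the sample transcripts are constructed for illustration, and it relies on 234 being the standard FTP success reply to AUTH.

```python
import re

# Client request to secure the control connection, as named in the mail.
AUTH_RE = re.compile(r"^AUTH\s+(TLS|SSL)\b", re.IGNORECASE)
# Login commands that should never be visible to a passive observer.
LOGIN_CMDS = ("USER", "PASS")


def classify_control_channel(lines):
    """Classify the cleartext seen on a port-21 FTP control connection.

    lines: iterable of (direction, text); direction is "C" (client) or
    "S" (server). This record format is an assumption of the example.
    Returns "upgraded", "cleartext-login" or "no-login-seen".
    """
    auth_pending = False
    for direction, text in lines:
        text = text.strip()
        if direction == "C":
            if AUTH_RE.match(text):
                auth_pending = True
            elif text.split(" ", 1)[0].upper() in LOGIN_CMDS:
                # Login sent without a successful AUTH before it.
                return "cleartext-login"
        elif direction == "S" and auth_pending:
            if text[:3] == "234":
                # Server accepted AUTH; the rest of the session is inside SSL/TLS.
                return "upgraded"
            auth_pending = False  # AUTH refused; later commands stay in the clear
    return "no-login-seen"


# Constructed sample transcripts (not taken from any real server).
UPGRADED = [("S", "220 ready"), ("C", "AUTH TLS"), ("S", "234 AUTH TLS OK")]
FALLBACK = [("S", "220 ready"), ("C", "AUTH TLS"),
            ("S", "500 AUTH not understood"),
            ("C", "USER alice"), ("S", "331 Password required"),
            ("C", "PASS secret")]
NO_AUTH = [("S", "220 ready"), ("C", "USER alice")]

if __name__ == "__main__":
    for name, sample in (("upgraded", UPGRADED), ("fallback", FALLBACK),
                         ("no-auth", NO_AUTH)):
        print(name, "->", classify_control_channel(sample))
```

This only covers the control connection on port 21; an ftps:// session that starts with SSL right away shows no cleartext commands to classify.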