I'm arriving a little late to this discussion, but I do think it would be
very useful to provide a means for turning away clients at the point of the
USER command if the connection is not secure. Requiring explicit SSL is one
solution, but it is somewhat restrictive since explicit initiation via AUTH
TLS is so common these days.

I had a less restrictive requirement to do this only if client-authenticated
SSL was configured (since accepting clear connections would defeat the
purpose of client authentication). I implemented it in USER.execute() as
follows:

    // Reject USER on a clear-text control socket when client-authenticated SSL is configured.
    if (connection.getControlSocket() != null
            && !(connection.getControlSocket() instanceof SSLSocket)) {
        Ssl ssl = serverContext.getSocketFactory().getSSL();
        if (ssl != null && ssl instanceof DefaultSsl) {
            if (((DefaultSsl)ssl).isClientAuthRequired()) {
                log.warn("Client attempted to login without an authenticated "
                        + "secure connection: " + connection.getControlSocket());
                // 501 text is looked up in the message file under this key
                out.send(501, "USER.client.auth.required", null);
                return;
            }
        }
    }

This also required an additional entry in the message file:

501.USER.client.auth.required=Secure connection with client authentication certificate is required to login.

And it required the addition of a getSSL() method to DefaultSSL().

That's probably not the cleanest implementation, but you get the idea. In my
particular case I did not need to require SSL unless client authentication
was configured. But it would be even more flexible to have a configuration
option to require SSL whether or not client authentication is configured.

Clint

On 5/1/07 12:06 PM, "Niklas Gustavsson" <[EMAIL PROTECTED]> wrote:

> I'm probably particularly thick today :-) Just to make sure I understand
> what you mean. What you would like is to have an option that enforces a
> client to send the AUTH command before USER/PASS, right? How would this
> differ from setting up the listener to always use SSL on the control
> socket (with implicit SSL)? If using implicit SSL, the client would be
> forced to, or it could not even get through the SSL handshake and
> establish a socket connection.
> 
> /niklas
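
The two approaches discussed in this thread, side by side, as an added example that is not code from the message above or from the FtpServer project: a gate that refuses USER/PASS until the control channel is protected, with the configuration option suggested above as a third policy. Every class, enum and method name here is hypothetical, and the session lines are constructed.

```java
import java.util.Locale;

/** Hypothetical control-channel gate; none of these names are FtpServer APIs. */
public class SecureLoginGate {
    enum Policy { ALLOW_CLEAR, REQUIRE_TLS_IF_CLIENT_AUTH, ALWAYS_REQUIRE_TLS }

    private final Policy policy;
    private final boolean clientAuthConfigured;
    private boolean tls; // true once the control channel is protected

    SecureLoginGate(Policy policy, boolean clientAuthConfigured, boolean implicitTls) {
        this.policy = policy;
        this.clientAuthConfigured = clientAuthConfigured;
        this.tls = implicitTls; // implicit SSL: handshake is done before any command
    }

    /** Returns the reply line for one control-channel command. */
    String handle(String line) {
        String cmd = line.trim().toUpperCase(Locale.ROOT);
        if (cmd.equals("AUTH TLS") || cmd.equals("AUTH SSL")) {
            tls = true; // a real server would upgrade the socket here
            return "234 AUTH command okay; starting TLS";
        }
        if (cmd.startsWith("USER ") || cmd.startsWith("PASS ")) {
            boolean mustBeSecure = policy == Policy.ALWAYS_REQUIRE_TLS
                    || (policy == Policy.REQUIRE_TLS_IF_CLIENT_AUTH && clientAuthConfigured);
            if (mustBeSecure && !tls) {
                return "501 Secure connection is required to login.";
            }
            // Credential checking is omitted; only the gating decision is modelled.
            return cmd.startsWith("USER ") ? "331 Password required" : "230 Logged in";
        }
        return "502 Command not implemented";
    }

    public static void main(String[] args) {
        // Constructed sessions: explicit-TLS listener, client authentication configured.
        String[][] sessions = { {"USER alice"}, {"AUTH TLS", "USER alice", "PASS secret"} };
        for (String[] session : sessions) {
            SecureLoginGate gate =
                    new SecureLoginGate(Policy.REQUIRE_TLS_IF_CLIENT_AUTH, true, false);
            for (String c : session) {
                System.out.println(c + " -> " + gate.handle(c));
            }
        }
    }
}
```

With an explicit-TLS listener the 501 is sent only after the client has already transmitted its USER line in the clear, which is the practical difference from implicit SSL, where no command is read before the handshake completes.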

