Although the definition of "FTP with implicit SSL" varies depending on who you ask, its my understanding that it means that the entire FTP session is conducted over TLS/SSL.
If thats true, shouldn't the data channel default to the "P" or private setting? As of now, it defaults to clear (which is the specified behavior in RFC 2228). I have FTP clients that are connecting over implicit SSL without issuing the PROT command. When they go to transfer a file, FtpServer sets up a plain socket for the data channel instead of an SSL one and the transfer never completes. Would it be appropriate for the ServerDataConnectionFactory to have the "secure" property set to true by default if the session is using implicit SSL? Thanks Kevin Conaway
