Re: FTP over SSL
At 10:27 24.10.2001 +1300, you wrote: On Wed 23 Oct 2001, Scott Klement wrote: For a MS-Windows client that can connect using FTP over SSL, go here: http://www.wsftp.org/ Thanks Scott. Much appreciated. I do not especially want to write my own ssl/ftp client so I'll go with the above links. But be warned that WS FTP uses only 40 bit export ciphers, at least the versions which i checked (V6.6 and V7.0-Tryout). Another possibility is CuteFTP, which uses strong encryption. A possible drawback with both clients is that it is not possible to encrypt only the control connection (in case when you only want to protect the password with SSL). This may have a severe impact on the transfer rate. The third Windows-Client known to me is Igloo FTP, which allows to encrypt only the control connection, but is restricted to weak 40 bit export ciphers too. A further drawback of WS FTP and Cute FTP is, that they use for the data connection a new SSL session (no resumption of the SSL session of the control connection). This leads to an unnecessary high load on the FTP server. Some server may therefore even disallow the use of a separate session for the data connection. All in all there is IMHO no Windows FTP client, which could be currently recommended unrestricted. (CuteFTP: www.globalscape.com, Igloo FTP: www.iglooftp.com). Ciao, Richard -- Dr. Richard W. Könning Fujitsu Siemens Computers GmbH, EP LP COM 5 Phone/Fax: +49-89-636-47852 / 47655 E-Mail: [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: FTP over SSL
The implementation of AUTH SSL/TLS in the FTP client support that comes with Kermit 95 and C-Kermit 8.0 http://www.kermit-project.org/ftpd.html supports all ciphers supported by OpenSSL; reuses the session for the data connections; and properly performs verification of server certificates unlike several other clients; and supports the use of client certificates. But be warned that WS FTP uses only 40 bit export ciphers, at least the versions which i checked (V6.6 and V7.0-Tryout). Another possibility is CuteFTP, which uses strong encryption. A possible drawback with both clients is that it is not possible to encrypt only the control connection (in case when you only want to protect the password with SSL). This may have a severe impact on the transfer rate. The third Windows-Client known to me is Igloo FTP, which allows to encrypt only the control connection, but is restricted to weak 40 bit export ciphers too. A further drawback of WS FTP and Cute FTP is, that they use for the data connection a new SSL session (no resumption of the SSL session of the control connection). This leads to an unnecessary high load on the FTP server. Some server may therefore even disallow the use of a separate session for the data connection. All in all there is IMHO no Windows FTP client, which could be currently recommended unrestricted. (CuteFTP: www.globalscape.com, Igloo FTP: www.iglooftp.com). Ciao, Richard -- Dr. Richard W. Könning Fujitsu Siemens Computers GmbH, EP LP COM 5 Phone/Fax: +49-89-636-47852 / 47655 E-Mail: [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] Jeffrey Altman * Sr.Software Designer C-Kermit 8.0 Beta available The Kermit Project @ Columbia University includes Secure Telnet and FTP http://www.kermit-project.org/ using Kerberos, SRP, and [EMAIL PROTECTED] OpenSSL. SSH soon to follow. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: FTP over SSL
At 09:19 24.10.2001 EDT, you wrote: The implementation of AUTH SSL/TLS in the FTP client support that comes with Kermit 95 and C-Kermit 8.0 http://www.kermit-project.org/ftpd.html supports all ciphers supported by OpenSSL; reuses the session for the data connections; and properly performs ver I have tried to get the trial version of the secure variant of K95 with no success (i am directed to the URL http://www.cryptography.org/freecryp.htm which seems to be non-existant), probably because i am living/working outside USA/Canada. All in all there is IMHO no Windows FTP client, which could be currently recommended unrestricted. Well, i should have written Windows FTP client with a GUI ;-). Ciao, Richard -- Dr. Richard W. Könning Fujitsu Siemens Computers GmbH, EP LP COM 5 Phone/Fax: +49-89-636-47852 / 47655 E-Mail: [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: FTP over SSL
On Wed, Oct 24, 2001 at 02:56:39PM +0200, Richard Koenning wrote: But be warned that WS FTP uses only 40 bit export ciphers, at least the versions which i checked (V6.6 and V7.0-Tryout). Another possibility is CuteFTP, which uses strong encryption. A possible drawback with both clients is that it is not possible to encrypt only the control connection (in case when you only want to protect the password with SSL). This may have a severe impact on the transfer rate. The third Windows-Client known to me is Igloo FTP, which allows to encrypt only the control connection, but is restricted to weak 40 bit export ciphers too. One more. ;-) plug If you cannot find a Windows GUI client to your satisfaction, try a programmable client. M2Crypto, a Python interface to OpenSSL, offers FTP/TLS client and server in the current snapshot. http://www.post1.com/home/ngps/m2/ /plug -- Ng Pheng Siong [EMAIL PROTECTED] * http://www.post1.com/home/ngps __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: FTP over SSL
On Tue, 23 Oct 2001, Hamish Kibblewhite wrote: Hi, I want to be able to get a file from an AS400. I would like to be able to use ftp over SSL. Can anyone point me at what I need to do / read to get a file using SSL? The AS/400 (iSeries/400), in V5R1 of OS/400, is capable of doing FTP over TLS/SSL. Some other people have suggested using SSH, which is _not_ available on the AS/400. To set up FTP over SSL on your AS/400, go here: http://publib.boulder.ibm.com/html/as400/v5r1/ic2924/info/rzain/rzainoverview.htm For a MS-Windows client that can connect using FTP over SSL, go here: http://www.wsftp.org/ I have had a look around with some google searches and believe I can *probably* do this with perl and Net::SSLeay. What I don't understand is how to arrive at the right incantation to make everything happen. I know nothing about certificates / how to use Net::SSLeay to set up a ftp get under SSL and so on...and after all my searching / reading know I have to know a bit about these subjects If anyone can help by pointing at the right documentation to read to know what ssl calls to make and / or point me to SSLeay documentation that would show me how to make the right calls under perl I would be very grateful. If you're *REALLY* looking to write your own FTP client that does SSL, I'd suggest you start by just writing a non-SSL FTP client. Get used to the mechanics of FTP, as this is 98% of the work. Do learn the FTP protocol, go to http://www.rfc-editor.org and do a search for FTP. RFC 959 is the primary standard for FTP, but many little modifications have been released over the years. Once you've gotten familiar with the FTP protocol, then check out the documentation for net::SSLeay, which should explain how to upgrade your TCP connections to be TLS/SSL connections. Aside from which port you connect to, this should be the only difference between standard FTP and SSL-FTP. thanks and regards, Hamish Kibblewhite Hope that helps... __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: FTP over SSL
On Tue, Oct 23, 2001 at 11:39:13AM +1300, Hamish Kibblewhite wrote: Hi, I want to be able to get a file from an AS400. I would like to be able to use ftp over SSL. Can anyone point me at what I need to do / read to get a file using SSL? I have had a look around with some google searches and believe I can *probably* do this with perl and Net::SSLeay. What I don't understand is how to arrive at the right incantation to make everything happen. I know nothing about certificates / how to use Net::SSLeay to set up a ftp get under SSL and so on...and after all my searching / reading know I have to know a bit about these subjects If anyone can help by pointing at the right documentation to read to know what ssl calls to make and / or point me to SSLeay documentation that would show me how to make the right calls under perl I would be very grateful. It isn't clear to me whether you're looking for a server, a client, or both... On the server side, there's a patchset for ProFTPd that purports to add TLS support; but I haven't tried it yet. You can find a link to it on the ProFTPd web site (http://www.proftpd.org/) -Pat __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: FTP over SSL
On Wed 23 Oct 2001, Scott Klement wrote: Hi, I want to be able to get a file from an AS400. I would like to be able to use ftp over SSL. Can anyone point me at what I need to do / read to get a file using SSL? The AS/400 (iSeries/400), in V5R1 of OS/400, is capable of doing FTP over TLS/SSL. Some other people have suggested using SSH, which is _not_ available on the AS/400. To set up FTP over SSL on your AS/400, go here: http://publib.boulder.ibm.com/html/as400/v5r1/ic2924/info/rzain/rzainoverview.htm For a MS-Windows client that can connect using FTP over SSL, go here: http://www.wsftp.org/ Thanks Scott. Much appreciated. I do not especially want to write my own ssl/ftp client so I'll go with the above links. regards, Hamish Kibblewhite __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
