This is my client's need: he wants a private FTPS server so that only customers who have the client program can access his server, and all public FTP clients are blocked. The project is about remotely updating an application using an FTPS server; the client part is a component that I will code and add to another application so it gets updates from the server, so it doesn't need the server to send a PK. The idea is that the client sends the one coded inside it to the server after the hello negotiation, so the server validates only its trusted clients and denies all public FTP clients.

--------------------------------------------------
From: "Francois PIETTE" <[EMAIL PROTECTED]>
Sent: Monday, October 20, 2008 5:51 AM
To: "ICS support mailing" <twsocket@elists.org>
Subject: Re: [twsocket] FTPS server with special need

>> I have project to code special FTPS server that don't need the server to send
>> Public key to client but get this key from hard coded
>> maybe in string or streaming inside client program and after the client is
>> recognized like one trusted client then gave access to his directory
>> 1) client connects using TCP/IP
>> 2) Client says HELLO or whatever using public certificate without
>> negotiating certificates with server
>> 3) client authenticates using encrypted SSL, client send his internal
>> certificate to server to be recognized
>> any idea how I do this
>
> You'd better design your own protocol instead of trying to tweak FTPS.
>
> btw: What is the rationale behind your idea ? I don't understand clearly the
> benefits. And I see very well what could be the pitfall: the so called "man
> in the middle" attack.
>
> --
> [EMAIL PROTECTED]
> The author of the freeware multi-tier middleware MidWare
> The author of the freeware Internet Component Suite (ICS)
> http://www.overbyte.be
>
> --
> To unsubscribe or change your settings for TWSocket mailing list
> please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
> Visit our website at http://www.overbyte.be
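
The requirement discussed in this thread (a server that admits only clients presenting a known certificate) maps onto standard TLS client-certificate authentication with a fingerprint pin. The following is an added example in Python, not ICS code and not from either poster; the function names and the sample certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import ssl

# Constructed stand-in for the DER bytes of the certificate compiled into the
# client program; a real deployment would use the actual certificate.
SAMPLE_CLIENT_CERT_DER = b"constructed-sample-client-certificate"
ALLOWED_FINGERPRINTS = {hashlib.sha256(SAMPLE_CLIENT_CERT_DER).hexdigest()}


def make_server_context(certfile=None, keyfile=None, client_ca=None):
    """TLS server context that refuses any client without a certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails if no client cert
    if certfile:
        # The server still presents its own certificate to the client.
        ctx.load_cert_chain(certfile, keyfile)
    if client_ca:
        # Private CA that issued the client certificates.
        ctx.load_verify_locations(cafile=client_ca)
    return ctx


def is_trusted_client(cert_der, allowed=ALLOWED_FINGERPRINTS):
    """Pin check: compare the presented certificate's SHA-256 to the allow list."""
    if not cert_der:
        return False
    presented = hashlib.sha256(cert_der).hexdigest()
    return any(hmac.compare_digest(presented, fp) for fp in allowed)


def authorize(tls_sock):
    """Call after the handshake, before answering any FTP command."""
    return is_trusted_client(tls_sock.getpeercert(binary_form=True))
```

Because the server keeps sending its own certificate, the client can verify the server as well, which is what closes the man-in-the-middle gap raised in the reply above.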