> I use the 01cert.pem etc. as example files

SSL client applications don't need certificate or private key files, unless the server is high security and requires secure identification of remote users, like access to corporate LANs, money transfer services. You only need a root CA file bundle, and ICS now bundles one in wsocket as constants.

> when I look at the data being transferred with Wireshark, I see
> that everything is encrypted except for the response to the
> DirAsync command.

Should be easy to answer, but actually not. Each data connection uses a separate TCP connection that requires a new SSL handshake, which is quite expensive in packets. So data encryption is optional, defined by the PROT command: C means clear, P means private, which in modern terms means SSL. Clear might be acceptable if the files are already encrypted and the overhead of extra encryption is not required. Remember this stuff was devised back in 1997 when computing power and memory were expensive, and no-one envisaged how it might be implemented in the future.

Assuming you have set protection to P, the ICS client should be opening an SSL connection for directory related commands, there are several. I have a log that shows

04:05:00 > XDMLSD -R 004:05:00 ! SSL Connected OK with TLSv1.2, cipher ECDHE-RSA-AES256-GCM-SHA384, key auth RSA, key exchange ECDH, encryption AESGCM(256), message auth AEAD

So it's working with that particular directory command (only supported by the ICS FTP server). But I cannot say it works with all versions, some of which use the control channel instead (which should be encrypted anyway).

Assuming you are logging the SSL handshake event and FTP commands, your application should tell you what is encrypted and how. This is all down to the client, not the server.

Angus
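Added example, not part of the original message and not ICS code: a small checker that reads a client log of FTP commands and SSL handshake events and reports which data-channel commands ran without a handshake. It assumes a log layout of `HH:MM:SS > command`, `HH:MM:SS < reply` and `HH:MM:SS ! event`; only the `>` and `!` forms appear in the message above, and the `<` reply lines, function names and sample log are assumptions made for the example.

```python
import re

# Commands whose payload travels over a separate data connection.
DATA_CMDS = {"LIST", "NLST", "MLSD", "XDMLSD", "RETR", "STOR", "APPE", "STOU"}
LINE = re.compile(r"^\d\d:\d\d:\d\d ([><!]) (.+)$")
TLS = re.compile(r"SSL Connected OK with (\S+), cipher ([^,\s]+)")

def audit(log_text):
    """Return one dict per data-channel command: cmd, prot, tls."""
    prot = "C"      # data channel stays Clear until a PROT P is accepted
    pending = None  # PROT level sent, reply not yet seen
    current = None  # data command still waiting for its handshake event
    results = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kind, text = m.groups()
        if kind == ">":                      # command sent by the client
            words = text.split()
            pending, current = None, None
            if words[0].upper() == "PROT" and len(words) > 1:
                pending = words[1].upper()
            elif words[0].upper() in DATA_CMDS:
                current = {"cmd": text, "prot": prot, "tls": None}
                results.append(current)
        elif kind == "<" and pending:        # server reply to PROT
            if text.startswith("2"):
                prot = pending
            pending = None
        elif kind == "!" and current and (hit := TLS.search(text)):
            current["tls"] = " ".join(hit.groups())  # protocol and cipher
    return results

def cleartext_transfers(log_text):
    return [r["cmd"] for r in audit(log_text) if r["tls"] is None]

# Constructed sample log (timestamps, replies and ordering are invented).
SAMPLE = """\
04:04:58 > AUTH TLS
04:04:58 ! SSL Connected OK with TLSv1.2, cipher ECDHE-RSA-AES256-GCM-SHA384
04:04:59 > PROT P
04:04:59 < 200 PROT ok
04:05:00 > XDMLSD -R
04:05:00 ! SSL Connected OK with TLSv1.2, cipher ECDHE-RSA-AES256-GCM-SHA384, key auth RSA
04:05:01 > PROT C
04:05:01 < 200 PROT ok
04:05:02 > LIST
"""
```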