[stunnel-users] some thoughts of add ftp server proxy support to stunnel4. comments required

John Hartnup1 hartnuj at uk.ibm.com
Sat Jul 30 17:17:08 CEST 2005


ZHUANG YUYAO <zhuangyy at netease.com> wrote on 28-07-2005 06:10:04:

> Hi,
>
> I am thinking about adding ftp protocol support to stunnel4. First, some
> restrictions to simplify the implementation:

...

> 3) only support FTP implicit SSL and PASSIVE mode;
>

I would strongly discourage you from adopting FTP with implicit SSL.
As I write,
ftp://ftp.isi.edu/internet-drafts/draft-murray-auth-ftp-ssl-16.txt
is three slots from the top of the RFC editor's queue, meaning it is likely
to become an RFC in the next few weeks. This specifies that implicit SSL is
deprecated, and this was done because the IETF disapproves of implicit SSL
in principle (I believe HTTPS slipped through because it was a de-facto
standard by the time it was written up as an RFC).

I'm not sure how you could implement explicit SSL using stunnel without
putting some very FTP-specific code right into stunnel. There are a few
implementations of FTPS to FTP proxies out there already, however:
http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html#proxy



