[stunnel-users] some thoughts of add ftp server proxy support to stunnel4. comments required

John Hartnup1 hartnuj at uk.ibm.com
Sat Jul 30 17:17:08 CEST 2005

ZHUANG YUYAO <zhuangyy at netease.com> wrote on 28-07-2005 06:10:04:

> Hi,
> I am thinking about adding ftp protocol support to stunnel4. first, some
> restrictions to simplify the implimentation:


> 3) only support FTP implicit SSL and PASSIVE mode;

I would strongly discourage you from adopting FTP with implicit SSL.
As I write,
is three slots from the top of the RFC editor's queue, meaning it is likely
become in RFC in the next few weeks. This specifies that implicit SSL is
deprecated, and this was done because the IETF disapproves of implicit SSL
in principle (I believe HTTPS slipped through because it was a de-facto
standard by the time it was written up as an RFC).

I'm not sure how you could implement explicit SSL using stunnel without
some very FTP specific code right into stunnel. There are a few
of FTPS to FTP proxies out there already however:

More information about the stunnel-users mailing list