Hi Dustin,
dustin hunter wrote:
I pulled your trunk code and got an embedded FTPS server up and running
(exactly what I needed). I noticed however, that while the authentication
seems to work, it also allows non-secure clients to login.
Do you know how I can disable this?
What you could do, is to only use implicit SSL
(http://incubator.apache.org/ftpserver/tlsssl-support.html). However,
that will only force SSL for the control socket, not for the data
socket. What we could do in FtpServer is to offer a configuration that
would not allow any commands that use the data socket until the client
sends a PROT P command. Would that be appropriate for your needs?
What would you all think of this, would it be useful? What would be the
correct error code to send in the case where a client for example sends
a LIST and haven't done a PROT first?
/niklas
