On Fri, Dec 12, 2008 at 3:58 PM, Sai Pullabhotla <[email protected]> wrote: > The client, FileZilla, ignored the error on PROT P and continued on. > Things go a little too fast to be noticed.
That's pretty bad as it "silently" puts the user in danger. > I think it is not a bad > idea to automatically use the same SSL configuration. I can't think of > any thing where an API caller wants different SSL configurations for > control and data connections. Can you? Well, you can always think of cases if you try hard enough :-) But, I certainly thinks it makes sense to default to using the same configuration but allow for overriding. I've added a JIRA issue for this. /niklas
