On Mon, Nov 24, 2003 at 05:10:08AM -0800, Roboco Sanchez wrote: > > Note that during FXP the data is not encrypted. > > > > -- > > Alexander. > > I was typing my report of that problem. Seems to be > another bug. Doesn't encrypt the data connection at > all even with "set ftp:ssl-protect-data yes" as lftp > always uses PROT C before it transfers the data.
Not a bug, but an unimplemented feature. I'm not sure if it possible at all, since SSL_copy_session_id should be used on data socket so that ssl session id is the same on data and control connections. Maybe some ftp servers don't check for session id, but that should be considered a security weakness (IMHO). -- Alexander.
