Hello Alexander, I'm using lftp-3.0.13 with these settings:
set ftp:ssl-force true set ftp:ssl-protect-list true set ftp:ssl-protect-data false I am doing FXP between two sites using the 'mirror' command. I noticed that lftp sends 'PROT P' before its dir listing (which is correct), but when it wants to transfer a file, it issues 'PROT C' _before_ it sends PASV/PORT, and then it sends STOR/RETR. That means the last PASV/PORT commands were not encrypted, correct? I think all commands should be encrypted (dir listing and control connection). Can the order be changed to reflect: 1) login 2) PROT P/PROT P (encrypt dir listing and control connection) 3) LIST/LIST (see what's there) 4) PASV/PORT (to send file) 5) PROT C/PROT C (don't encrypt file transfer) 6) STOR/RETR (transfer file) 7) PROT P/PROT P (back to default protection mode) I want all commands being sent to the servers to be encrypted, not just dir listing, so that includes PASV/PORT commands. I've included some output below. Also, I see PROT C being issued three times (below), not sure why. Take care! -Vahid *** Login/authenticate here... ---> PROT P ---> PROT P <--- 200 Protection set to Private ---> TYPE A <--- 200 Type set to A. ---> PASV <--- 200 Protection set to Private ---> PASV <--- 227 Entering Passive Mode (1,1,1,1,78,127) ---- Connecting data socket to (1.1.1.1) port 20095 ---> LIST <--- 227 Entering Passive Mode (2,2,2,2,34,17) ---- Connecting data socket to (2.2.2.2) port 8721 ---> LIST <--- 150 Opening ASCII mode data connection for directory listing. ---- Got EOF on data connection ---- Closing data socket ---> TYPE I <--- 200 Type set to I. <--- 150 Opening BINARY mode data connection for directory listing. ---- Got EOF on data connection ---- Closing data socket ---> TYPE I <--- 200 Type set to I. copy src: seek past eof (seek_pos=0, size=0) copy: get hit eof copy: waiting for put confirmation ---> PROT C copy: put confirmed store copy: get is finished - all done ---> PROT C <--- 200 Protection set to Clear ---> PROT C <--- 200 Protection set to Clear ---> PASV <--- 200 Protection set to Clear <--- 227 Entering Passive Mode (1,1,1,1,78,188) ---> PORT 1,1,1,1,78,188 <--- 200 PORT command successful. ---> STOR myfilehere.bin ---> RETR myfilehere.bin ===== Make it better before you make it faster. ===== __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
