On Tuesday 31 May 2011 11:47:58 pm Daniel Fazekas wrote: 
> I too got confused by that name though last time, so don't even use
>  "ftps://" with lftp since that is for implicit ftps, sorry about the bad
>  advice. For explicit TLS just open it like "ftp://"; or you don't even need
>  to specify a protocol since ftp is the default. Using an encrypted control
>  connection when available is also turned on by default in lftp (set
>  ftp:use-feat yes, set ftp:ssl-allow yes).
> So you really don't have to do anything but open it normally like
> $ lftp jack.masquilier....@ftp.ocsa-data.net
> and you should be good to go.

Thanks. It works indeed, but I am back to my own starting point. I was trying 
the ftps:// prefix to force a secure connection (maybe I was too clever for my 
own good).

With the settings you suggest, how do I know I have a secure connection?
What tell-tale sign can I look to to ascertain that my connection is secure 
and that the credentials (username, password) have not been sent in clear over 
the network?

Again, the man page does not differentiate between the various protocols, so I 
am double-plus unclear as to what options are available for which protocol.

You advise:
set ftp:ssl-allow true

I tried:
set ftp:ssl-force true
but I get:
"Login failed: ftp:ssl-force is set and server does not support or allow SSL"

What's odd is the ftp:use-feat option.
I tried to set it to on then to off, copying the debug output into 2 text 
and then using diff to spot the differences.

The following lines are only present with:
set ftp:use-feat true
---> FEAT
<--- 211-Extensions supported:
<---  EPRT
<---  IDLE
<---  MDTM
<---  SIZE
<---  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
<---  MLSD
<---  ESTP
<---  PASV
<---  EPSV
<---  SPSV
<--- 211 End.
---> OPTS MLST type;size;modify;UNIX.mode;UNIX.uid;UNIX.gid;
<--- 200  MLST OPTS type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique

The following lines are only present with:
set ftp:use-feat false
<--- 234 AUTH TLS OK.
Certificate depth: 1; subject: /O=Root CA/OU=http://www.cacert.org/CN=CA Cert 
Signing Authority/emailAddress=supportatcacert.org; issuer: /O=Root 
CA/OU=http://www.cacert.org/CN=CA Cert Signing 

So, what's weird is that  AUTH TLS and the certificate details are only present 
when use-feat is set to FALSE!

So, how do I know that the connection is secure?
How to prevent unsecure connections with FTPS (explicit) knowing that 
ftp:ssl-force true does not work (see above)?

When searching the web earlier, I found other people asking very similar 
questions. There is a lot of confusion surrounding these topics; that's why I 
am offering, with your help, to clearly document all of this.

Thanks again,



Friends: http://www.reuniting.info/
My projects:
http://astralcity.org/ http://3enjeux.overshoot.tv/ http://linux.overshoot.tv/ 
http://overshoot.tv/ http://charityware.info/ http://masquilier.org/
http://openteacher.info/ http://minguo.info/ 
http://www.wechange.org/ http://searching911.info/


Reply via email to