In message <_A3510@delegate-en.ML_> on 09/28/06(21:32:59)
you Steve Brown <email@example.com> wrote:
|Is it possible to configure delegate as an ftp proxy, so that a plain
|ftp client can connect to a remote site, and *if* that remote site
|supports TLS have delegate start a TLS encrypted session with the remote
|site, and a plain session with the client?
|I've read that delegate can behave as a gateway to an sftp server with
|./delegated -P21 SERVER=ftp MOUNT="/* ftps://server/*" STLS=fsv

At least it should be as follows:

  ./delegated -P21 SERVER=ftp MOUNT="/* ftp://server/*" STLS=-fsv

The protocol name "ftps:" means using TLS over a dedicated port (990)
without a negotiation procedure in the FTP protocol (implicitly negotiated).
"STLS=-fsv" means doing TLS with a server optionally, if it's available.
It is done by explicit START TLS negotiation with an FTP command (AUTH TLS,
based on RFC4217) on the standard FTP port (21).
Similarly, "STLS=-fcl" means doing TLS with a client optionally. In this
case the TLS negotiation can be either implicit or explicit, because
the FTP server (DeleGate) can detect implicit use of TLS (SSL) by
detecting the Client_Hello packet sent first from the FTPS client.

|but (apart from the fact sftp isn't TLS) that _requires_ the remote site
|to always support sftp. I'd like it to be an option.
|For TLS read an ftp session negotiated up to a TLS encrypted session
|still using ports 20,21.
9 9 Yutaka Sato <firstname.lastname@example.org> http://delegate.org/y.sato/
( ~ ) National Institute of Advanced Industrial Science and Technology
_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
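
The implicit/explicit distinction described in the reply above, as an added example that is not part of the original message and is not DeleGate's code: a classifier for the first bytes a client sends on an FTP control connection. The function name, return labels and sample bytes are assumptions made for illustration.

```python
import struct

TLS_HANDSHAKE = 0x16    # TLS record content type "handshake"
CLIENT_HELLO = 0x01     # handshake message type "ClientHello"
MAX_PLAINTEXT = 16384   # largest plaintext TLS record body (2^14)
MAX_LINE = 512          # generous bound for one FTP command line

# Constructed sample: record header (type, version 3.1, length 200)
# followed by the start of a ClientHello handshake message.
SAMPLE_CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303")


def classify_first_bytes(data: bytes) -> str:
    """Classify what a client sent first on the control connection.

    An implicit-TLS (ftps:, port 990 style) client sends a ClientHello
    before any FTP text; an explicit-TLS client sends "AUTH TLS" as an
    ordinary FTP command; anything else that parses as a command is
    plain FTP. SSLv2-style hellos are not handled here.
    """
    if not data:
        return "need-more"
    if data[0] == TLS_HANDSHAKE:
        if len(data) < 6:           # 5-byte record header + handshake type
            return "need-more"
        major, minor, length = struct.unpack(">BBH", data[1:5])
        if (major == 3 and minor <= 4 and 0 < length <= MAX_PLAINTEXT
                and data[5] == CLIENT_HELLO):
            return "implicit-tls"
        return "unknown"
    line, newline, _ = data.partition(b"\n")
    if not newline:                 # command line not complete yet
        ok = len(data) < MAX_LINE and data.isascii()
        return "need-more" if ok else "unknown"
    words = line.strip().upper().split()
    if not words or not words[0].isalpha():
        return "unknown"
    # RFC 4217 uses "AUTH TLS"; "AUTH SSL" is the older spelling.
    if words[0] == b"AUTH" and words[1:2] in ([b"TLS"], [b"SSL"]):
        return "explicit-tls-request"
    return "plain-ftp"


if __name__ == "__main__":
    for sample in (SAMPLE_CLIENT_HELLO, b"AUTH TLS\r\n", b"USER anonymous\r\n"):
        print(sample[:12], "->", classify_first_bytes(sample))
```

With an optional setting such as "STLS=-fcl", a "plain-ftp" result means the session continues unencrypted, so logging this classification per connection shows which clients never upgrade.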