Article delegate-en/3512 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: ftp to ftp gateway +(optional TLS)
28 Sep 2006 18:46:59 GMT (Yutaka Sato)
The DeleGate Project

In message <_A3510@delegate-en.ML_> on 09/28/06(21:32:59)
you Steve Brown <> wrote:
 |Is it possible to configure delegate as an ftp proxy, so that a plain
 |ftp client can connect to a remote site, and *if* that remote site
 |supports TLS have delegate start a TLS encrypted session with the remote
 |site, and a plain session with the client?
 |I've read that delegate can behave as a gateway to an sftp server with
 |./delegated -P21 SERVER=ftp MOUNT="/* ftps://server/*" STLS=fsv

At least it should be as follows:

  ./delegated -P21 SERVER=ftp MOUNT="/* ftp://server/*" STLS=-fsv

The protocol name "ftps:" means using TLS over a dedicated port (990)
without negotiation procedure in FTP protocol (implicitly negotiated).

"STLS=-fsv" means doing TLS with a server optionally if it's available.
It is done by explicit START TLS negotiation by FTP command (AUTH TLS
based on RFC4217) on the standard FTP port (21).

Similarly "STLS=-fcl" means doing TLS with a client optionally. In this
case the TLS negotiation can be either implicit or explicit because
the FTP server (DeleGate) can detect implicit use of TLS (SSL) with
detection of Client_Hello packet sent first from the client of FTPS.

 |but (apart from the fact sftp isn't TLS) that _requires_ the remote site
 |to always support sftp. I'd like it to be an option.
 |For TLS read an ftp session negotiated up to a TLS encrypted session
 |still using ports 20,21.

  9 9   Yutaka Sato <>
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]