Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

FTP over SSL

48 views
Skip to first unread message

Hamish Kibblewhite

unread,
Oct 22, 2001, 6:46:20 PM10/22/01
to
Hi,
I want to be able to get a file from an AS400. I would like to be
able to use ftp over SSL. Can anyone point me at what I need to do / read
to get a file using SSL?

I have had a look around with some google searches and believe I can
*probably* do this with perl and Net::SSLeay. What I don't understand is
how to arrive at the right incantation to make everything happen.

I know nothing about certificates / how to use Net::SSLeay to set up a ftp
get under SSL and so on...and after all my searching / reading know I have
to know a bit about these subjects....

If anyone can help by pointing at the right documentation to read to know
what ssl calls to make and / or point me to SSLeay documentation that would
show me how to make the right calls under perl I would be very grateful.

thanks and regards,
Hamish Kibblewhite

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Jeffrey Altman

unread,
Oct 22, 2001, 9:07:06 PM10/22/01
to
> Hi,
> I want to be able to get a file from an AS400. I would like to be
> able to use ftp over SSL. Can anyone point me at what I need to do / read
> to get a file using SSL?

Use an SSL enabled FTP client with an SSL enabled FTP server.
See

http://www.kermit-project.org/ftpd.html

Jeffrey Altman * Sr.Software Designer C-Kermit 8.0 Beta available
The Kermit Project @ Columbia University includes Secure Telnet and FTP
http://www.kermit-project.org/ using Kerberos, SRP, and
kermit-...@kermit-project.org OpenSSL. SSH soon to follow.

te...@terralogic.net

unread,
Oct 23, 2001, 7:50:54 AM10/23/01
to
This may be off topic. If the AS400 supports it - look for ssh and use SCP. THere is a program called WINscp that you can find at www.motd.ca

If its not there - let me know. I'm not sure where it originates but ti solves a problem nicely. May not be feasible for you or what you're looking for of course.

Good Luck

On Tue, Oct 23, 2001 at 11:39:13AM +1300, Hamish Kibblewhite wrote:
> Hi,
> I want to be able to get a file from an AS400. I would like to be
> able to use ftp over SSL. Can anyone point me at what I need to do / read
> to get a file using SSL?
>

> I have had a look around with some google searches and believe I can
> *probably* do this with perl and Net::SSLeay. What I don't understand is
> how to arrive at the right incantation to make everything happen.
>
> I know nothing about certificates / how to use Net::SSLeay to set up a ftp
> get under SSL and so on...and after all my searching / reading know I have
> to know a bit about these subjects....
>
> If anyone can help by pointing at the right documentation to read to know
> what ssl calls to make and / or point me to SSLeay documentation that would
> show me how to make the right calls under perl I would be very grateful.
>
> thanks and regards,
> Hamish Kibblewhite
>

Scott Klement

unread,
Oct 23, 2001, 12:45:05 PM10/23/01
to

On Tue, 23 Oct 2001, Hamish Kibblewhite wrote:

> Hi,
> I want to be able to get a file from an AS400. I would like to be
> able to use ftp over SSL. Can anyone point me at what I need to do / read
> to get a file using SSL?

The AS/400 (iSeries/400), in V5R1 of OS/400, is capable of doing FTP over
TLS/SSL. Some other people have suggested using SSH, which is _not_
available on the AS/400.

To set up FTP over SSL on your AS/400, go here:
http://publib.boulder.ibm.com/html/as400/v5r1/ic2924/info/rzain/rzainoverview.htm

For a MS-Windows client that can connect using FTP over SSL, go here:
http://www.wsftp.org/


>
> I have had a look around with some google searches and believe I can
> *probably* do this with perl and Net::SSLeay. What I don't understand is
> how to arrive at the right incantation to make everything happen.
>
> I know nothing about certificates / how to use Net::SSLeay to set up a ftp
> get under SSL and so on...and after all my searching / reading know I have
> to know a bit about these subjects....
>
> If anyone can help by pointing at the right documentation to read to know
> what ssl calls to make and / or point me to SSLeay documentation that would
> show me how to make the right calls under perl I would be very grateful.

If you're *REALLY* looking to write your own FTP client that does SSL,
I'd suggest you start by just writing a non-SSL FTP client. Get used
to the mechanics of FTP, as this is 98% of the work.

Do learn the FTP protocol, go to http://www.rfc-editor.org and do
a search for FTP. RFC 959 is the primary standard for FTP, but many
little modifications have been released over the years.

Once you've gotten familiar with the FTP protocol, then check out the
documentation for net::SSLeay, which should explain how to upgrade your
TCP connections to be TLS/SSL connections. Aside from which port you
connect to, this should be the only difference between standard FTP and
SSL-FTP.

>
> thanks and regards,
> Hamish Kibblewhite
>

Hope that helps...

Pat Lashley

unread,
Oct 23, 2001, 3:50:53 PM10/23/01
to
On Tue, Oct 23, 2001 at 11:39:13AM +1300, Hamish Kibblewhite wrote:
> Hi,
> I want to be able to get a file from an AS400. I would like to be
> able to use ftp over SSL. Can anyone point me at what I need to do /
> read to get a file using SSL?
>
> I have had a look around with some google searches and believe I can
> *probably* do this with perl and Net::SSLeay. What I don't understand is
> how to arrive at the right incantation to make everything happen.
>
> I know nothing about certificates / how to use Net::SSLeay to set up a
> ftp get under SSL and so on...and after all my searching / reading know
> I have to know a bit about these subjects....
>
> If anyone can help by pointing at the right documentation to read to know
> what ssl calls to make and / or point me to SSLeay documentation that
> would show me how to make the right calls under perl I would be very
> grateful.

It isn't clear to me whether you're looking for a server, a client,
or both...

On the server side, there's a patchset for ProFTPd that purports
to add TLS support; but I haven't tried it yet. You can find a
link to it on the ProFTPd web site (http://www.proftpd.org/)

-Pat

Hamish Kibblewhite

unread,
Oct 23, 2001, 5:37:13 PM10/23/01
to

On Wed 23 Oct 2001, Scott Klement wrote:

>> Hi,
>> I want to be able to get a file from an AS400. I would like to be
>> able to use ftp over SSL. Can anyone point me at what I need to do /
read
>> to get a file using SSL?

>The AS/400 (iSeries/400), in V5R1 of OS/400, is capable of doing FTP over


>TLS/SSL. Some other people have suggested using SSH, which is _not_
>available on the AS/400.

>To set up FTP over SSL on your AS/400, go here:
>http://publib.boulder.ibm.com/html/as400/v5r1/ic2924/info/rzain/rzainoverview.htm


>For a MS-Windows client that can connect using FTP over SSL, go here:
> http://www.wsftp.org/

Thanks Scott. Much appreciated. I do not especially want to write my own
ssl/ftp client so I'll go with the above links.

regards,
Hamish Kibblewhite

Richard Koenning

unread,
Oct 24, 2001, 8:56:18 AM10/24/01
to
At 10:27 24.10.2001 +1300, you wrote:
>
>On Wed 23 Oct 2001, Scott Klement wrote:
>
>>For a MS-Windows client that can connect using FTP over SSL, go here:
>> http://www.wsftp.org/
>
>Thanks Scott. Much appreciated. I do not especially want to write my own
>ssl/ftp client so I'll go with the above links.

But be warned that WS FTP uses only 40 bit export ciphers, at least the
versions which i checked (V6.6 and V7.0-Tryout). Another possibility is
CuteFTP, which uses strong encryption. A possible drawback with both
clients is that it is not possible to encrypt only the control connection
(in case when you only want to protect the password with SSL). This may
have a severe impact on the transfer rate. The third Windows-Client known
to me is Igloo FTP, which allows to encrypt only the control connection,
but is restricted to weak 40 bit export ciphers too.
A further drawback of WS FTP and Cute FTP is, that they use for the data
connection a new SSL session (no resumption of the SSL session of the
control connection). This leads to an unnecessary high load on the FTP
server. Some server may therefore even disallow the use of a separate
session for the data connection.
All in all there is IMHO no Windows FTP client, which could be currently
recommended unrestricted.
(CuteFTP: www.globalscape.com, Igloo FTP: www.iglooftp.com).
Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH, EP LP COM 5
Phone/Fax: +49-89-636-47852 / 47655
E-Mail: Richard....@fujitsu-siemens.com

kermit-...@columbia.edu

unread,
Oct 24, 2001, 9:22:26 AM10/24/01
to
The implementation of AUTH SSL/TLS in the FTP client support that
comes with Kermit 95 and C-Kermit 8.0

http://www.kermit-project.org/ftpd.html

supports all ciphers supported by OpenSSL; reuses the session for the
data connections; and properly performs verification of server
certificates unlike several other clients; and supports the use of
client certificates.

Jeffrey Altman * Sr.Software Designer C-Kermit 8.0 Beta available


The Kermit Project @ Columbia University includes Secure Telnet and FTP
http://www.kermit-project.org/ using Kerberos, SRP, and
kermit-...@kermit-project.org OpenSSL. SSH soon to follow.

Richard Koenning

unread,
Oct 24, 2001, 11:01:15 AM10/24/01
to
At 09:19 24.10.2001 EDT, you wrote:
>The implementation of AUTH SSL/TLS in the FTP client support that
>comes with Kermit 95 and C-Kermit 8.0
>
> http://www.kermit-project.org/ftpd.html
>
>supports all ciphers supported by OpenSSL; reuses the session for the
>data connections; and properly performs ver

I have tried to get the trial version of the secure variant of K95 with no
success (i am directed to the URL http://www.cryptography.org/freecryp.htm
which seems to be non-existant), probably because i am living/working
outside USA/Canada.

>> All in all there is IMHO no Windows FTP client, which could be currently
>> recommended unrestricted.

Well, i should have written "Windows FTP client with a GUI" ;-).

Ng Pheng Siong

unread,
Oct 24, 2001, 12:14:16 PM10/24/01
to
On Wed, Oct 24, 2001 at 02:56:39PM +0200, Richard Koenning wrote:
> But be warned that WS FTP uses only 40 bit export ciphers, at least the
> versions which i checked (V6.6 and V7.0-Tryout). Another possibility is
> CuteFTP, which uses strong encryption. A possible drawback with both
> clients is that it is not possible to encrypt only the control connection
> (in case when you only want to protect the password with SSL). This may
> have a severe impact on the transfer rate. The third Windows-Client known
> to me is Igloo FTP, which allows to encrypt only the control connection,
> but is restricted to weak 40 bit export ciphers too.

One more. ;-)

<plug>
If you cannot find a Windows GUI client to your satisfaction, try a
programmable client.

M2Crypto, a Python interface to OpenSSL, offers FTP/TLS client and server
in the current snapshot.

http://www.post1.com/home/ngps/m2/
</plug>


--
Ng Pheng Siong <ng...@post1.com> * http://www.post1.com/home/ngps

Dirk.La...@syntegra.com

unread,
Oct 25, 2001, 6:46:37 AM10/25/01
to
> > A further drawback of WS FTP and Cute FTP is, that they use for the data
> > connection a new SSL session (no resumption of the SSL session of the
> > control connection). This leads to an unnecessary high load on the FTP
> > server. Some server may therefore even disallow the use of a separate
> > session for the data connection.

Session resumption is a must for HTTP, for FTP it all depends on the nature of
your FTP-usage. Whether or not session resumption is valuable depends on the
amount of sessions you have to (re)establish within a connection. Otherwise the
effort to keep the cache might be heavier on your machine then the occasionally
new ssl-handshake.

kind regards,
dirk L.

0 new messages