Re: Do I need a client certificate when using FTP over TLS?

Giganews Newsgroups
Subject: Re: Do I need a client certificate when using FTP over TLS?
Posted by:  Ciaran Costelloe (ccostell…
Date: Wed, 6 Jul 2005

Bryan Feeney wrote:

> I've written a program for the encryption and transmission of files.
> They are encrypted locally and then transferred. Because FTP sends
> out passwords in the clear, I chose to use FTP over TLS, to secure
> the login. I'm using Indy 10, Delphi 2005, and the recent OpenSSL
> libraries.
> I tested this in the office with some shareware Windows FTP servers,
> and it seemed to work well in unsecured, implicit and explicit modes.
> However, now that the time for deployment has arrived, we've asked
> the company that runs our website to set up an FTP server. They chose
> vsftpd running on SuSE Linux. They had a copy of our application to
> test things with. Apparently, all secure connections were being
> rejected as my application wasn't providing a certificate to
> authenticate myself.
> I'm afraid my knowledge of TLS is quite rusty, but I'd like to know
> how come the Windows FTP clients were accepting the connection but
> vsftpd doesn't. Do I need to specify a certificate somewhere when
> setting up the FTP client?
> Thanks

There are two totally different SSL "authentications":

(a) one is where the client verifies that the server it is connecting
to is the correct server by examining the server's certificate (actually
the certificate chain), e.g. a user buying from a secure website, or

(b) where the server wants to verify the client, which involves the
client submitting a certificate that the server has been configured to
accept (often by the server "issuing" the user certificate), this is a
secure logon

(c) both of the above, such as for some business-to-business transfers

I have never tried "none of the above" (SSL with no certs), it quite
possibly does not work, but maybe you get encrypted traffic, though I
doubt it.
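
As an added example (not part of the original post): in TLS 1.0 to 1.2 the server's first handshake flight is sent in the clear, and a server that wants a client certificate includes a certificate_request message in it. The Python code below walks a captured server flight and reports which of the two authentications is in play; the function names and the zero-filled sample bytes are constructed for illustration, and the input is assumed to be the raw server-to-client bytes from the point where TLS starts.

```python
import struct

# Handshake message type numbers as defined for TLS 1.0-1.2.
HS_NAMES = {2: "server_hello", 11: "certificate", 12: "server_key_exchange",
            13: "certificate_request", 14: "server_hello_done"}

def handshake_types(stream: bytes) -> list:
    """Return the handshake message names in a plaintext TLS <=1.2 flight."""
    payload, pos = b"", 0
    # Pass 1: strip 5-byte record headers, keep handshake records (type 22).
    while pos + 5 <= len(stream):
        rtype, _version, rlen = struct.unpack_from("!BHH", stream, pos)
        body = stream[pos + 5:pos + 5 + rlen]
        if len(body) < rlen:
            raise ValueError("truncated TLS record")
        if rtype == 22:
            payload += body
        pos += 5 + rlen
    # Pass 2: walk handshake messages (1-byte type, 3-byte length). Several
    # may share one record, and one message may span two records.
    names, pos = [], 0
    while pos + 4 <= len(payload):
        mtype = payload[pos]
        mlen = int.from_bytes(payload[pos + 1:pos + 4], "big")
        if pos + 4 + mlen > len(payload):
            raise ValueError("truncated handshake message")
        names.append(HS_NAMES.get(mtype, "type_%d" % mtype))
        pos += 4 + mlen
    return names

def classify(stream: bytes) -> dict:
    """Report whether the server proves its identity and/or asks for ours."""
    names = handshake_types(stream)
    return {"server_sends_certificate": "certificate" in names,
            "server_requests_client_certificate": "certificate_request" in names}

# Constructed sample data: message bodies are zero-filled placeholders.
def _msg(mtype, body=b"\x00" * 8):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

def _record(payload):
    return struct.pack("!BHH", 22, 0x0301, len(payload)) + payload

SERVER_AUTH_ONLY = _record(_msg(2) + _msg(11) + _msg(14, b""))
_flight = _msg(2) + _msg(11) + _msg(13) + _msg(14, b"")
MUTUAL_AUTH = _record(_flight[:20]) + _record(_flight[20:])  # split mid-message
```

When `server_requests_client_certificate` is true, the client has to be configured with a certificate and private key that the server accepts. In TLS 1.3 these messages are encrypted, so this check applies only to captures of earlier protocol versions.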




