Re: Is there a way to turn off the TLS default in the latest Filezilla?
Posted: 2015-01-23 10:19
FTP over TLS isn't forced. If the server rejects the AUTH command, plain FTP is still used.
Welcome to the official discussion forums for FileZilla
https://forum.filezilla-project.org/
https://forum.filezilla-project.org/viewtopic.php?f=2&t=34883
Using FTP over TLS improves security through transfer encryption.Why are users forced to use TLS as default now?
1. You know that QuickConnect does the same?I'm not using that unsecure site manager as passwords are stored unencrypted (!) in a plain xml/text file, easy accessible for malware and other bad guys.
There's a difference between a place you can control (your PC) and a place you can't (public net). Local encryption is your job, transfer encryption FileZilla's.So why encrypt the connection at all then?!
There will be changes in that handling in the future.I'm using FileZilla via cli within KeePass. The Connection type can be controlled with the "protocol" here in some way (sftp://, ftps://, ftpes://) but "ftp://" has to be plain FTP !
Configuring FTP servers correctly is the ONLY reasonable way.Changing the security settings for all ftp sites in the world is no reasonable way.
Please don't hold your breath.I'm now switching back to v3.9 until this gets fixed.
Code: Select all
vi /etc/proftpd.conf
Code: Select all
DefaultServer on
Code: Select all
PassivePorts 57000 58000
The ports aren't open unless they're in use. Your firewall probably just relied on iptables FTP helper for automatically allowing incoming data connections and that's obviously no longer possible now that the traffic is encrypted.ajbird wrote:now I have 5000 open ports?
Are we sure the balance of risk is right?
chances of a network plain text intercept v 5000 open ports?
Code: Select all
Servidor FTP preparado.
AUTH TLS
234 Proceed with negotiation.
Initialisiere TLS...
Überprüfe Zertifikat...
TLS-Verbindung hergestellt.
USER anonymous
530 Anonymous sessions may not use encryption.