Secure control channel only
Moderator: Project members
Re: Secure control channel only
There are only 10 levels of security: Secure and insecure.
Re: Secure control channel only
May FileZilla fallback to PROT C if P is not supported?
The server returned 534 but FileZilla ignored the error code.
Code: Select all
11:56:52 Response: 220---------- Welcome to Pure-FTPd [TLS] ----------
11:56:52 Response: 220-You are user number 3 of 50 allowed.
11:56:52 Response: 220-Local time is now 11:55. Server port: 21.
11:56:52 Response: 220-This is a private system - No anonymous login
11:56:52 Response: 220 You will be disconnected after 15 minutes of inactivity.
11:56:52 Command: AUTH TLS
11:56:55 Response: 234 AUTH TLS OK.
11:56:55 Status: Initializing TLS...
11:56:55 Status: Verifying certificate...
11:56:55 Command: USER ************
11:56:55 Status: TLS/SSL connection established.
11:56:55 Response: 331 User ************ OK. Password required
11:56:55 Command: PASS ************
11:56:55 Response: 230-User ************ has group access to: ************
11:56:55 Response: 230 OK. Current restricted directory is /
11:56:55 Command: PBSZ 0
11:56:55 Response: 200 PBSZ=0
11:56:55 Command: PROT P
11:56:55 Response: 534 Fallback to [C]
11:56:55 Status: Connected
11:56:55 Status: Retrieving directory listing...
11:56:55 Command: PWD
11:56:55 Response: 257 "/" is your current location
11:56:55 Command: TYPE I
11:56:55 Response: 200 TYPE is now 8-bit binary
11:56:55 Command: PASV
11:56:55 Response: 227 Entering Passive Mode (210,17,215,154,32,152)
11:56:55 Command: LIST
11:57:16 Error: Connection timed out
11:57:16 Error: Failed to retrieve directory listing
Re: Secure control channel only
It even has to according to the specs, since PROT C is the initial default.
That's not the problem, please check the servers router and firewall configuration. It has to be configured as described in the Network Configuration guide.
That's not the problem, please check the servers router and firewall configuration. It has to be configured as described in the Network Configuration guide.
Re: Secure control channel only
PROT C is the default, but the client may need to reset the data channel protection level to C by sending "PROT C" after P is rejected by the server.
Cases with FTP 7 for IIS 7.
Cases with FTP 7 for IIS 7.
Code: Select all
18:29:08 Command: PBSZ 0
18:29:08 Response: 200 PBSZ command successful.
18:29:08 Command: PROT P
18:29:08 Response: 536-Policy denies SSL.
18:29:08 Response: Win32 error: Access is denied.
18:29:08 Response: Error details: SSL policy denies SSL for data channel.
18:29:08 Response: 536 End
18:29:08 Status: Connected
18:29:08 Status: Retrieving directory listing...
18:29:08 Command: PWD
18:29:08 Response: 257 "/" is current directory.
18:29:08 Command: TYPE I
18:29:08 Response: 200 Type set to I.
18:29:08 Command: EPSV
18:29:08 Response: 229 Entering Extended Passive Mode (|||49158|)
18:29:08 Command: LIST
18:29:08 Response: 535-Protection level negotiation failed.
18:29:08 Response: Win32 error: Access is denied.
18:29:08 Response: Error details: Protection negotiation failed. PROT command with recognized parameter must precede this command.
18:29:08 Response: 535 End
18:29:08 Error: Failed to retrieve directory listing
18:31:16 Error: Connection closed by server
Re: Secure control channel only
i know i'm way over my head in this thread, but i thought i'd ask two questions if you don't mind.
its my understanding that mankiko is trying to encrypt the security and leave the files/folders unencrypted during these file transfers out of his older machines in order to keep wear and tear on them to a minimum....this makes sense to me, here's the question...Does this encryption process really use that much processor/ram/bandwidth (i am assuming the bandwidth is a non-factor since it's my understanding the amount of bandwidth required to run either way won't change)?
how many simultaneous users/transfers and how fat of a file are you anticipating on these older machines to process?
i ask this because i have an old win98se machine running things like a sheet feed scanner i've been using for years, i'd like to be able to make some of the folders/files on this machine available.
as a side note, i don't think telling ppl to chuck older equipment that works and spend money will go over real well.
thanks in advance
its my understanding that mankiko is trying to encrypt the security and leave the files/folders unencrypted during these file transfers out of his older machines in order to keep wear and tear on them to a minimum....this makes sense to me, here's the question...Does this encryption process really use that much processor/ram/bandwidth (i am assuming the bandwidth is a non-factor since it's my understanding the amount of bandwidth required to run either way won't change)?
how many simultaneous users/transfers and how fat of a file are you anticipating on these older machines to process?
i ask this because i have an old win98se machine running things like a sheet feed scanner i've been using for years, i'd like to be able to make some of the folders/files on this machine available.
as a side note, i don't think telling ppl to chuck older equipment that works and spend money will go over real well.
thanks in advance
Re: Secure control channel only
Most computers are fast enough to saturate a 100Mbit connection with encryption.
Re: Secure control channel only
insert amazement whistle here
and here i was all happy when charter finally got to 10 down, 1 up
i wanted to ask a few transfer speed questions, i suppose the general topic is where that post should go?
and here i was all happy when charter finally got to 10 down, 1 up
i wanted to ask a few transfer speed questions, i suppose the general topic is where that post should go?
Re: Secure control channel only
Any idea to the data channel protection level fallback?
Re: Secure control channel only
Where does it says so?PROT C is the default, but the client may need to reset the data channel protection level to C by sending "PROT C" after P is rejected by the server.
Re: Secure control channel only
RFC 2228 says that "The default protection level if no other level is specified is Clear". However, after sending the PROT P command, the protection level is specified is Private and therefore I think a reset is needed.
Also, it seems that the servers are requiring the PROT C command.
Also, it seems that the servers are requiring the PROT C command.
Re: Secure control channel only
A command only has any effect if it succeeds. A failed command should be identical to NOOP.
Since clear data channel is the default, a serve requiring an explicit PROT C would violate the specifications. If you have such a server, you need to upgrade to a better one.
Since clear data channel is the default, a serve requiring an explicit PROT C would violate the specifications. If you have such a server, you need to upgrade to a better one.
Re: Secure control channel only
After PROT P is rejected, is the data connection Clear?
Re: Secure control channel only
If PROT P is rejected, the protection level remains unchanged.