Hi there,
I have setup a webserver for my customers with Let's encrypt certificates for the websites which works well and as expected.
Now I want my customers to connect to their subdirectories via FTPS with the same certificates.
My problem is that the FileZilla Client seems to neither send the HOST command as described in RFC7151 before the TLS handshake nor uses SNI as described in RFC 6066.
The result is that the FileZilla client does not get the correct certificate.
Example:
My customer wants to connect to their homepage "www.example.org" via explicit FTP via TLS. The TLS handshake works as expected but the customer
does not get the certificate from "www.example.org". Instead he gets the certificate from "ftp-server-from-your-hosting-provider.example.org".
Also a warning shows up that the hostname doesn't match the certificate.
My question is:
Does the FileZilla Client support RFC7151 or RFC 6066 with SNI?
If no, is it planned for the future?
If yes, how to setup the FileZilla Client to do so?
Does FileZilla Client supports RFC 7151 or SNI for use with FTPS connections?
Moderator: Project members
-
- 500 Command not understood
- Posts: 3
- Joined: 2020-02-27 08:25
- First name: Christoph
- Last name: Schreiber
Does FileZilla Client supports RFC 7151 or SNI for use with FTPS connections?
Last edited by botg on 2020-02-28 08:06, edited 1 time in total.
Reason: Always use the documented example domains for examples.
Reason: Always use the documented example domains for examples.
Re: Does FileZilla Client supports RFC 7151 or SNI for use with FTPS connections?
FileZilla always uses SNI, it cannot be disabled.
-
- 500 Command not understood
- Posts: 3
- Joined: 2020-02-27 08:25
- First name: Christoph
- Last name: Schreiber
Re: Does FileZilla Client supports RFC 7151 or SNI for use with FTPS connections?
Thanks for the answer.
So just to be clear.
FileZilla always sends the hostname in the TLS handshake just like with HTTPS?
That means getting a wrong certificate from the server is the result of a misconfigured server?
cheers chris
So just to be clear.
FileZilla always sends the hostname in the TLS handshake just like with HTTPS?
That means getting a wrong certificate from the server is the result of a misconfigured server?
cheers chris
-
- 500 Command not understood
- Posts: 3
- Joined: 2020-02-27 08:25
- First name: Christoph
- Last name: Schreiber
Re: Does FileZilla Client supports RFC 7151 or SNI for use with FTPS connections?
Thank you vey much for the quick answer