Menu
I am being asked to support implicit and explicit FTPS (also known as FTPES). We are currently using the .NET FtpWebRequest. Does the FtpWebRequest support both types of FTPES, and what is the difference?
Thanks
209
However, implicit FTPS is considered a deprecated protocol, meaning that it not the current standard. Some FTP providers only use implicit FTPS. In these cases, port blocking to prevent non-secure FTP connections, and because explicit FTPS starts by making an FTP connection, this prevents explicit FTPS transfers, too.
What is Implicit FTPS? Implicit FTPS is a method of FTPS that allows clients to connect to an implicit port (Port 990) which already has secure connections baked in without requesting for there to be one. Implicit FTPS makes use of a dedicated port in order to allow for port 21 to be left open.
With Implicit FTPS, an SSL handshake must be negotiated before any FTP commands can be sent by the client. In addition, even though Explicit FTPS allows the client to arbitrarily decide whether to use SSL, Implicit FTPS requires that the entire FTP session must be encrypted.
As its name implies, implicit SSL is a type of FTPS connection wherein SSL encryption is implied. As soon as a connection is established between the FTPS client and your managed file transfer server, both command (a.k.a. control) and data channels will be automatically protected with SSL encryption.
as far as I know the current (.NET 2.0 and 3.5) version of FtpWebRequest supports Explicit SSL only.
Actually, .NET 2.0 does not currently support implicit SSL, only explicit. We will consider adding this for a future release.
JonCole - MSFTModerator at MSDN forum post
If you need to use both Implict and Explicit TLS/SSL you have to try one of third-party FTP/SSL components. Following code uses our Rebex FTP/SSL and is taken from the tutorial page.
Explicit TLS/SSL
Client connects to FTP server in a usual non-protected way, usually to port 21 was assigned to FTP protocol. When it is desired to protect the connection using SSL, an SSL negotiation is initialized, control connection is secured and all following communication is being protected.
// Create an instance of the Ftp class. Ftp ftp = new Ftp(); // Connect securely using explicit SSL. // Use the third argument to specify additional SSL parameters. ftp.Connect(hostname, 21, null, FtpSecurity.Explicit); // Connection is protected now, we can log in safely. ftp.Login(username, password); Explicit protection means that it is possible to secure the connection at any moment. If you don't know whether you will need the protection on not at the connection time, you might want to connect using the ordinary unencrypted FTP protocol and secure the connection later.
Ftp ftp = new Ftp(); // Connect to the server with no protection. ftp.Connect(hostname, 21); // Upgrade connection to SSL. // This method also accepts an argument to specify SSL parameters. ftp.Secure(); // Connection is protected now, we can log in safely. ftp.Login(username, password); Implicit SSL protection of the FTP session
FTPS protocol was originally assigned a separate port by the IANA. Upon connection to this port, an SSL negotiation starts immediately and the control connection is secured. All data connections are also secured implicitly in the same way. This is similar to the approach used by HTTPS.
This approach is not favored by the IETF and is deprecated. It is supported by Rebex FTP/SSL for interoperability with older servers, but it is strongly recommended to use the explicit protection instead whenever possible.
Ftp ftp = new Ftp(); // Connect securely using implicit SSL. // Use the third argument to specify additional SSL parameters. ftp.Connect(hostname, 990, null, FtpSecurity.Implicit); // Connection is protected now, we can log in safely. ftp.Login(username, password); You may download the component at rebex.net/ftp-ssl.net/
183
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
