Board index » delphi » Indy FTP Server and SSL/TLS

Indy FTP Server and SSL/TLS


2003-12-18 07:30:52 PM
delphi240
I have read in different newgroups that Indy 9 can't work with SSL/TLS. Is
this true? and if so, is there any way of building a FTP server with Indy 9
that supports SSL? (I am already trying SecureBlackbox with not much luck)
Thanks,
Khash
 
 

Re:Indy FTP Server and SSL/TLS

Khash Sajadi writes:
Quote
I have read in different newgroups that Indy 9 can't work with SSL/TLS. Is
this true? and if so, is there any way of building a FTP server with Indy 9
that supports SSL? (I am already trying SecureBlackbox with not much luck)
What problems are you having with SecureBlackbox? You can use
About FTP server -- FTP uses so-called explicit SSL that requires
special support from the protocol implementation itself. Ie. to switch
to SSL mode, the client must send (and server must handle) special
commands. SecureBlackbox provides only client side of FTP-over-SSL support.
I.e. you can make FTP client using SecureBlackbox, but you can not make
FTP server with SSL support with Indy 9 at all. I suppose that Indy 10
will solve this problem but as far as I know, server-side SSL doesn't
work in Indy 10 yet (Indy team, please correct me if I am wrong).
--
Eugene Mayevski
EldoS Corp., CTO
Security and networking solutions
www.eldos.com
 

Re:Indy FTP Server and SSL/TLS

Thank you Eugene.
I have posted details of the issues I have to that newsgroup. I understand I
can not use explicit FTP security with Indy 9, but is it possible to have a
sort of implicit SSL over FTP and FTP clients like SmartFTP
(www.smartftp.com) support it?
Thanks again,
Khash
"Eugene Mayevski [SecureBlackbox]" <XXXX@XXXXX.COM>writes
Quote
Khash Sajadi writes:

>I have read in different newgroups that Indy 9 can't work with
SSL/TLS. Is
>this true? and if so, is there any way of building a FTP server with
Indy 9
>that supports SSL? (I am already trying SecureBlackbox with not much
luck)

What problems are you having with SecureBlackbox? You can use
news://news.eldos.org/eldos.public.secureblackbox to get support.

About FTP server -- FTP uses so-called explicit SSL that requires
special support from the protocol implementation itself. Ie. to switch
to SSL mode, the client must send (and server must handle) special
commands. SecureBlackbox provides only client side of FTP-over-SSL
support.
I.e. you can make FTP client using SecureBlackbox, but you can not make
FTP server with SSL support with Indy 9 at all. I suppose that Indy 10
will solve this problem but as far as I know, server-side SSL doesn't
work in Indy 10 yet (Indy team, please correct me if I am wrong).

--
Eugene Mayevski
EldoS Corp., CTO
Security and networking solutions
www.eldos.com

 

Re:Indy FTP Server and SSL/TLS

Khash Sajadi writes:
Quote
I have posted details of the issues I have to that newsgroup. I understand I
can not use explicit FTP security with Indy 9, but is it possible to have a
sort of implicit SSL over FTP and FTP clients like SmartFTP
(www.smartftp.com) support it?
We posted answers to our newsgroups. Indy FTP server creates secondar
data socket and I am not sure if it takes IOHandler from the command socket.
--
Eugene Mayevski
EldoS Corp., CTO
Security and networking solutions
www.eldos.com
 

Re:Indy FTP Server and SSL/TLS

On Thu, 18 Dec 2003 12:03:53 -0000, Khash Sajadi writes:
Quote
Thank you Eugene.

I have posted details of the issues I have to that newsgroup. I understand I
can not use explicit FTP security with Indy 9, but is it possible to have a
sort of implicit SSL over FTP and FTP clients like SmartFTP
(www.smartftp.com) support it?

Indy 10's FTP server will support both modes. This is far different than
Indy 9 because of the data channel connection. To negotiate TLS on that,
the server has to support some special FTP extended commands (PROT and PBSZ
) and the current FTP server does have this. Indy 9.0 doesn't support
those commands and that server would probably require some special coding
in addition to that (it's a little more extensive than you would think).
--
J. Peter Mugaas - Chairperson, Distribution Team, Indy Pit Crew
Internet Direct (Indy) Website - www.nevrona.com/Indy
Personal Home Page - www.wvnet.edu/~oma00215
If I want to do business with you, I will contact you. Otherwise, do not
contact me.
 

Re:Indy FTP Server and SSL/TLS

On Thu, 18 Dec 2003 13:51:03 +0200, Eugene Mayevski [SecureBlackbox] writes:
Quote
Khash Sajadi writes:

>I have read in different newgroups that Indy 9 can't work with SSL/TLS. Is
>this true? and if so, is there any way of building a FTP server with Indy 9
>that supports SSL? (I am already trying SecureBlackbox with not much luck)

What problems are you having with SecureBlackbox? You can use
news://news.eldos.org/eldos.public.secureblackbox to get support.

About FTP server -- FTP uses so-called explicit SSL that requires
special support from the protocol implementation itself. Ie. to switch
to SSL mode, the client must send (and server must handle) special
commands. SecureBlackbox provides only client side of FTP-over-SSL support.
I.e. you can make FTP client using SecureBlackbox, but you can not make
FTP server with SSL support with Indy 9 at all. I suppose that Indy 10
will solve this problem but as far as I know, server-side SSL doesn't
work in Indy 10 yet (Indy team, please correct me if I am wrong).
Actually, the situation as it stands is this, I am waiting for something to
be implemented in Indy (IPv6) before I port the server over to some new
code. The FTP server does support both implicit SSL (using port 990) and
explicit SSL (using the standard port 21 and a special command to tell the
server to negotiate SSL).
--
J. Peter Mugaas - Chairperson, Distribution Team, Indy Pit Crew
Internet Direct (Indy) Website - www.nevrona.com/Indy
Personal Home Page - www.wvnet.edu/~oma00215
If I want to do business with you, I will contact you. Otherwise, do not
contact me.
 

Re:Indy FTP Server and SSL/TLS

J. Peter Mugaas writes:
Quote
Actually, the situation as it stands is this, I am waiting for something to
be implemented in Indy (IPv6) before I port the server over to some new
code. The FTP server does support both implicit SSL (using port 990) and
explicit SSL (using the standard port 21 and a special command to tell the
server to negotiate SSL).
Thank you for information. Does this apply to all server-side SSL? I.e.
can we continue working on server-side IOHandlers for SecureBlackbox?
Cause the developer had problems testing them with the code we had
(about a month ago). Has the situation improved?
--
Eugene Mayevski
EldoS Corp., CTO
Security and networking solutions
www.eldos.com
 

Re:Indy FTP Server and SSL/TLS

On Fri, 19 Dec 2003 13:11:36 +0200, Eugene Mayevski [SecureBlackbox] writes:
Quote
J. Peter Mugaas writes:

[snip]
Thank you for information. Does this apply to all server-side SSL? I.e.
can we continue working on server-side IOHandlers for SecureBlackbox?
Cause the developer had problems testing them with the code we had
(about a month ago). Has the situation improved?
I think you may be able to do so but I am not completely sure as I haven't
touched the more recent code in VCS. The FTP server is a special case and
I would have to port to the new code and I can not do that until IPv6 is
reenabled because of an extension in the FTP server (I require that some
work). I have to use some older code to keep some IPv6 support I require
and I currently develop the FTP server code on that older core code.
Unfortunately, the SSL API does have some extensions just for the FTP
server.
I think Kudzu may be able to answer better about the rest of the Indy Core.