Secure FTP protocol (SSL/TLS)

I might be news for you but work via ftp protocol (RFC959) is insecure. For user authentication at the server a name and a password are used that are passed to the server by commands USER and PASS in unclosed format. Using a so called sniffer an intruder can capture this data and gain access to the server. Modification of commands and data during their transfer between the server and the client is also possible.

To provide security of ftp protocol a secured ftp protocol has been developed - so called FTP over SSL (RFC2228). You can now operate with the server and be sure that your data will not come into wrong hands. Integrity check of the transferred data guarantees inalterability of data during its transfer between the server and the client.

FTPGetter allows using different security mechanisms (SSL v2, SSL v3, TLS v1, TLS v1.1); there is a possibility of authentication using PEM/ASN1 or PKCS12 certificates and keys when working with secure ftp servers; the program also supports secure data transfer.

To work with secure ftp server you should choose the necessary protocol in profile connection settings:

Select used protocol - common ftp or secure ftp over SST/TLS

Explicit mode: connection using server 21 port, choice of security mechanism by AUTH command.
Implicit mode: connection to server 990 port.

Most secure ftp servers use security certificates and keys for authentication of connecting clients. During connection attempt the server checks the client certificate. You should set which authentication variant is used at the server.

authentication method: basic or using PEM/ASN1 or PKCS12 certificates and keys

If PEM/ASN1 certificate and key are used then set path to files and key verification password in this tab:

Path to PEM/ASN1 certificate and key files

If PKCS12 certificate is used then set path to file and certificate verification password in this tab:

Path to PKCS12 certificate file

If in process of connection to secure ftp server you will see a similar message in the log file window:

SSL/TSL error - network subsystem is unusable

it means that a wrong authentication method has been chosen. For example, Basic authentication method has been chosen while the server requires authentication using certificates. To obtain information on connection to secure ftp server contact your server administrator.

Back on top