Explicit FTPS and Proxy supported?

0 votes
asked Mar 27 by Adesa (120 points)

Hi, I need to connect to an Explicit FTPS Server using a Proxy which is type "FtpDoubleLogin".

By using the VB2010 simple code named "FtpWinFormClientClassic_VB", I get the following message: "This proxy type is not allowed when using SSL.".

Is that true? Doesn't the component support SSL via a FtpDoubleLogin proxy? If so, is there any particular reason why it's not supported? I believe that technically it should be possible.

Thanks and congratulations for such a great product!
Regards,
German

Applies to: Rebex FTP/SSL

1 Answer

0 votes
answered Mar 28 by Lukas Pokorny (85,050 points)

Hi, and thanks! Even though "double login" (or other FTP-level proxy type) over TLS/SSL would be technically possible, we decided not to allow this for several reasons:

1) We have not encountered such a proxy yet. If we allowed it, we would be unsure whether it actually works.

2) TLS/SSL is supposed to provide confidentiality and data integrity. It is used when data needs to be protected from disclosure to unintended parties along the way, and if used correctly, it ensures that only the intended recipient (the FTP client or FTP server in this case) can read the data. This is not the case when using a proxy at the FTP protocol level such as "double login" over TLS/SSL. In that scenario, the proxy would still be able to see and modify the FTP communication including user credentials. The mode of its operation would essentially be equivalent to a man-in-the-middle attack (with the proxy in the middle). I'm sure there might be valid use cases for that, but it goes against the purpose of TLS/SSL, introduces another attack vector (compromising the proxy compromises all the clients) and leaves the FTP client in the dark about how (or whether at all) the proxy actually secures the data transferred between itself and the actual FTP server.

3) When a "double login" FTP proxy with SSL is really needed, Rebex FTP/SSL can already use it - just connect to the proxy and call the Login method twice:

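Dim client As New Ftp
' Connect to the proxy; the TLS/SSL session is established with the proxy, not the FTP server
client.Connect(proxyHostName, proxyPort, SslMode.Explicit) ' or SslMode.Implicit
' First login: authenticate to the proxy and tell it which FTP server to reach
client.Login(proxyUserName & "@" & ftpHostName & ":" & ftpPort, proxyPassword)
' Second login: authenticate to the actual FTP server through the proxy
client.Login(ftpUserName, ftpPassword)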
...