Re: Is there a standard port for (ftp over) TLS ?

Posted by Menno Duursma on January 14, 2007, 2:15 pm
On Sun, 14 Jan 2007 13:35:18 +0000, Marcus Mender wrote:

> Is there a different standard port for TLS (for ftp it's 21)?

No.

> Maybe it's a pair of ports similarly to the standard ftp: 21 + 22

Active mode FTP data connections normally run over one port below that of
the control connection (which indeed is defined, by IANA, to be 21; making
the standard data port 20.)

> One port for data and one port for protocol negotiations?

Yes.

And in active mode you know the data port beforehand. But since it is
the server connecting (from port 20) to a random port >1024 on the
client, and you're encrypting the negotiation, clients won't know which
port to open and very probably disallow this...

In passive mode you don't really know which port the server is gonna use,
however you can define a 'port range' it should pick from, and let that
through the firewall along with port 21.

http://www.ford-hutchinson.com/~fh-1-pfh/draft-fordh-ftp-ssl-firewall-07.txt

> Is there a difference if I use "implicit" or "explicit" TLS mode ?

Yes. Either you implicitly rely on the server to encrypt the data
connection as well, or explicitly tell it to, or not to, do so.

The latter uses different ports (990 control, and 989 active-mode data
usually), however this method is basically deprecated.

--
-Menno.
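
Added example, not part of the original post: the passive-mode point above, worked through in Python. The server announces its data port in a 227 (PASV) or 229 (EPSV) reply on the control connection, so a static firewall rule only admits the data connection when that port falls inside the configured range; the sample replies, the 192.0.2.10 address and the 50000-50100 range are constructed values.

```python
import re

# Constructed control-channel replies (sample data, not captured traffic).
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "229 Entering Extended Passive Mode (|||50010|)",
    "227 Entering Passive Mode (192,0,2,10,4,1)",
]

# Assumed policy: the firewall admits port 21 plus this passive range.
PASSIVE_RANGE = (50000, 50100)

# PASV reply: (h1,h2,h3,h4,p1,p2); EPSV reply: (<d><d><d>port<d>), RFC 2428.
_PASV = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
_EPSV = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(reply):
    """Return (host, port) announced by a 227 or 229 reply; host is None for EPSV."""
    m = _PASV.match(reply)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("field out of range in %r" % reply)
        # The port is sent as two bytes: high byte p1, low byte p2.
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = _EPSV.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("port out of range in %r" % reply)
        # EPSV carries no address: the client reuses the control connection's peer.
        return None, port
    raise ValueError("not a PASV/EPSV reply: %r" % reply)


def allowed_by_firewall(reply, port_range=PASSIVE_RANGE):
    """True if the announced data port lies inside the permitted passive range."""
    _, port = data_endpoint(reply)
    low, high = port_range
    return low <= port <= high


if __name__ == "__main__":
    for line in SAMPLE_REPLIES:
        host, port = data_endpoint(line)
        verdict = "allowed" if allowed_by_firewall(line) else "blocked"
        print("%-50s -> %s:%d %s" % (line, host or "(control peer)", port, verdict))
```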


Posted by Menno Duursma on January 14, 2007, 2:29 pm
On Sun, 14 Jan 2007 20:15:42 +0100, Menno Duursma wrote:
> On Sun, 14 Jan 2007 13:35:18 +0000, Marcus Mender wrote:

[ FTPS stuff ]

>> Is there a difference if I use "implicit" or "explicit" TLS mode ?
>
> Yes. Either you implicitly rely on the server to encrypt the data
> connection as well, or explicitly tell it to, or not to, do so.
>
> The latter uses different ports (990 control, and 989 active-mode data

s/latter/former/

( However this is that 'later', and more widely supported, method
conforming to RFC 4217 )

> usually), however this method is basically deprecated.

--
-Menno.
