TLS specifications: Difference between revisions
From FileZilla Wiki
m (Reverted edits by 41.211.228.6 (talk) to last revision by CodeSquid)
Revision as of 06:07, 7 May 2012
The Transport Layer Security (TLS) protocol is used to cryptographically protect a socket connection. It is the successor to the Secure Sockets Layer (SSL) protocol. The FTP over TLS/SSL (FTPS) protocol uses TLS.
Technical Specifications
- SSLv3 draft (obsolete)
- RFC 2246 "TLS 1.0"
- RFC 4346 "TLS 1.1"
Points of interest
- Section 7.2.1. of RFC 2246: Closure alerts
The client and the server must share knowledge that the connection is ending in order to avoid a truncation attack. Either party may initiate the exchange of closing messages. [...] Each party is required to send a close_notify alert before closing the write side of the connection.
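- Many FTP servers did not follow the specifications and were vulnerable to truncation attacks. FileZilla will properly fail transfers on those servers, because a connection that ends without a close_notify alert cannot be distinguished from one that was cut short.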
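
The closure rule quoted above, as an added example (not FileZilla's code): a receiver that accepts a transfer only if a close_notify alert arrived before the stream ended. It models records as they look after decryption; the `record` and `receive_transfer` helpers and the sample data are constructed for illustration.

```python
import struct

ALERT, APPLICATION_DATA = 21, 23   # ContentType values from RFC 2246
CLOSE_NOTIFY = 0                   # AlertDescription value from RFC 2246


class TruncatedTransfer(Exception):
    """The peer's stream ended without a close_notify alert."""


def record(content_type, payload, version=(3, 1)):
    """Build one TLS record: type, version (3,1 = TLS 1.0), length, fragment."""
    return struct.pack("!BBBH", content_type, *version, len(payload)) + payload


def receive_transfer(stream):
    """Return the application data only if close_notify preceded end of stream.

    Assumption: `stream` holds already-decrypted records; a real TLS stack
    decrypts and verifies the MAC of each record before this decision.
    """
    data, pos = bytearray(), 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise TruncatedTransfer("stream ended inside a record header")
        ctype, _major, _minor, length = struct.unpack_from("!BBBH", stream, pos)
        fragment = stream[pos + 5:pos + 5 + length]
        if len(fragment) < length:
            raise TruncatedTransfer("stream ended inside a record body")
        pos += 5 + length
        if ctype == APPLICATION_DATA:
            data += fragment
        elif ctype == ALERT and len(fragment) == 2 and fragment[1] == CLOSE_NOTIFY:
            return bytes(data)      # orderly closure: the transfer is complete
        elif ctype == ALERT:
            raise TruncatedTransfer("connection ended by another alert")
    raise TruncatedTransfer(f"closed after {len(data)} bytes, no close_notify")


# Constructed sample: a two-record file transfer.
chunks = [record(APPLICATION_DATA, b"allow alice\n"),
          record(APPLICATION_DATA, b"deny mallory\n")]
good = b"".join(chunks) + record(ALERT, bytes([1, CLOSE_NOTIFY]))
cut = chunks[0]   # same stream cut after the first record, no alert
```

Without the check, `cut` would be stored as a well-formed but shorter file; with it, the transfer fails instead.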