|
|
| Line 1: |
Line 1: |
| − | The ''Transport Layer Security'' (TLS) protocol gets used to cryptographically protect a socket connection. It is the successor of the ''Secure Sockets Layer'' (SSL) protocol. TLS gets used for the FTP over TLS/SSL (FTPS) protocol.
| + | Well, if you are -really- itrsneeted in what I am thinking, it would be nice if I could read and react about these things on the front page (or news page) of pear.php.net instead of finding out about this on a blog I just discovered through a 3rd party site. Tell me, where is that link from pear.php.net to this blog anyway? Thanks. |
| − | | |
| − | == Technical Specifications ==
| |
| − | | |
| − | * [http://filezilla-project.org/specs/draft_ssl_v3.txt SSLv3 draft] (obsolete)
| |
| − | * [http://filezilla-project.org/specs/rfc2246.txt <nowiki>RFC 2246</nowiki>] "TLS 1.0"
| |
| − | * [http://filezilla-project.org/specs/rfc4346.txt <nowiki>RFC 4346</nowiki>] "TLS 1.1"
| |
| − | | |
| − | === Points of interest ===
| |
| − | | |
| − | * Section 7.2.1. of RFC 2246: Closure alerts<br />
| |
| − | <blockquote><pre>The client and the server must share knowledge that the connection is
| |
| − | ending in order to avoid a truncation attack. Either party may
| |
| − | initiate the exchange of closing messages.
| |
| − | [...]
| |
| − | Each party is required to send a close_notify alert before closing
| |
| − | the write side of the connection.
| |
| − | </pre></blockquote>
| |
| − | | |
| − | :Lots of FTP servers did not follow the specifications and were vulnerable to truncation attacks. FileZilla will properly fail transfers on those servers.
| |
| − | | |
| − | == See also ==
| |
| − | | |
| − | * [[File Transfer Protocol|FTP specifications]]
| |
| − | * [[Other specifications]]
| |
| − | * [[SFTP specifications]]
| |
Revision as of 15:22, 21 February 2012
Well, if you are -really- itrsneeted in what I am thinking, it would be nice if I could read and react about these things on the front page (or news page) of pear.php.net instead of finding out about this on a blog I just discovered through a 3rd party site. Tell me, where is that link from pear.php.net to this blog anyway? Thanks.
