Difference between revisions of "TLS specifications"

From FileZilla Wiki
Jump to navigationJump to search
(pClEPqPbD)
m (Reverted edits by Reinier (talk) to last revision by CodeSquid)
 
(9 intermediate revisions by 4 users not shown)
Line 1: Line 1:
This is from the Better Business Bureau:Recognizing a Work at Home ScamAvoid falling vicitm to a work at home scam by recognizing the following warning signs in job advertisements:e2€a2 Boasts no experience necessarye2€a2 Promises easy money and huge part-time earningse2€a2 Promotes having e2€œinsidee2€9d business informatione2€a2 Asks you to purchase products or instructions before getting e2€œhirede2€9dOutcomes of a Work at Home ScamProtect yourself from tempting work-at-home promotions that offer exaggerated benefits by being informed of the outcomes. The outcomes of work at home scams include: a waste of money, time, reputation, and morale.Victims of work at home scams have reported losses ranging from $10 to $70,000. Although the money loss may be recovered, the countless hours that you spend on unfruitful projects can't. You may also end up selling nonexistent services and poor products to your customers, making yourself vulnerable to charges of fraudulent practices.Types of Work at Home Scamse2€a2 Assembly Jobs: Involves investing hundreds of dollars to buy instructions and materials to produce crafts and signs for a potential company. After producing the products, the company may refuse to buy your products because it doesn't meet their standards.e2€a2 Multi-Level Marketing (MLM): Requires you to recruit new people to sell a scammers products or services. You often end up making close to nothing when the direct sales system crashes.e2€a2 Stuffing Envelopes: Tricks people into believing they can make $3 or $4 per envelope they stuff. If you apply, you may end up receiving promotional material asking you to buy instructions on how to get rich quick. The instruction will show you how to post similar job ads for stuffing envelopes.e2€a2 Online Businesses: Advertises how you can start your own online business and start making money fast. If you apply you will be asked to purchase a pointless guide to work-at-home jobs.e2€a2 Processing Claims: Deceives you into thinking that you can make hundreds of dollars a week by processing insurance claims for health care providers. Asks you to pay for training and to buy equipment and software in order to get started.The best way to protect yourself from work at home scams is by not applying and staying informed of the outcomes. Remember there's no easy way to make money. Every start up business and career requires hard work, resources, and luck.
+
The ''Transport Layer Security'' (TLS) protocol gets used to cryptographically protect a socket connection. It is the successor of the ''Secure Sockets Layer'' (SSL) protocol. TLS gets used for the FTP over TLS/SSL (FTPS) protocol.
 +
 
 +
== Technical Specifications ==
 +
 
 +
* [https://filezilla-project.org/specs/draft_ssl_v3.txt SSLv3 draft] (obsolete)
 +
* [https://filezilla-project.org/specs/rfc2246.txt <nowiki>RFC 2246</nowiki>] "TLS 1.0"
 +
* [https://filezilla-project.org/specs/rfc4346.txt <nowiki>RFC 4346</nowiki>] "TLS 1.1"
 +
* [https://filezilla-project.org/specs/rfc5246.txt <nowiki>RFC 5246</nowiki>] "TLS 1.2"
 +
* [https://filezilla-project.org/specs/rfc7465.txt <nowiki>RFC 7465</nowiki>] "Prohibiting RC4 Cipher Suites"
 +
 
 +
=== Points of interest ===
 +
 
 +
* Section 7.2.1. of RFC 2246: Closure alerts<br />
 +
<blockquote><pre>The client and the server must share knowledge that the connection is
 +
ending in order to avoid a truncation attack. Either party may
 +
initiate the exchange of closing messages.
 +
[...]
 +
Each party is required to send a close_notify alert before closing
 +
the write side of the connection.
 +
</pre></blockquote>
 +
 
 +
:Lots of FTP servers did not follow the specifications and were vulnerable to truncation attacks. FileZilla will properly fail transfers on those servers.
 +
 
 +
== See also ==
 +
 
 +
* [[File Transfer Protocol|FTP specifications]]
 +
* [[Other specifications]]
 +
* [[SFTP specifications]]

Latest revision as of 11:28, 2 December 2017

The Transport Layer Security (TLS) protocol gets used to cryptographically protect a socket connection. It is the successor of the Secure Sockets Layer (SSL) protocol. TLS gets used for the FTP over TLS/SSL (FTPS) protocol.

Technical Specifications[edit]

Points of interest[edit]

  • Section 7.2.1. of RFC 2246: Closure alerts
The client and the server must share knowledge that the connection is
ending in order to avoid a truncation attack. Either party may
initiate the exchange of closing messages.
[...]
Each party is required to send a close_notify alert before closing
the write side of the connection.
Lots of FTP servers did not follow the specifications and were vulnerable to truncation attacks. FileZilla will properly fail transfers on those servers.

See also[edit]