Operating System - OpenVMS
1748181 Members
4195 Online
108759 Solutions
New Discussion юеВ

Re: FTP Using SSL on OpenVMS

 
SOLVED
Go to solution
Steven Schweda
Honored Contributor

Re: FTP Using SSL on OpenVMS

> Do you need support for the client, server
> or both?

This still seems to me to be a good
question, or did I miss something?

Kermit seems to claim support for FTPS:

http://www.columbia.edu/kermit/ckermit80.html

o Support for secure URL protocols added:
telnets:, ftps:, https:.

I assume that that would be as a client.
(But what do I know?)

If I knew of an accessible FTPS server
somewhere, I might be able to run a test.
Roger tucker_1
Advisor

Re: FTP Using SSL on OpenVMS

Yes, I looked at Kermit and curl. Both clients. I really need a ftps server. Since VMS now supports SSL; this seems the next logical step. Can someone from VMS engineering comment on this?
Steven Schweda
Honored Contributor

Re: FTP Using SSL on OpenVMS

Roger tucker:
> I really need a ftps server.

Yeah, I guessed that from your earlier
request for "either a client or server
version". I was wondering about the fellow
who posted the original question.
Richard J Maher
Trusted Contributor

Re: FTP Using SSL on OpenVMS

Richard, it looks like Michael's running TCP/IP services, but if he was running Multinet could his immediate requirements not be satisfied by configuring IPsec between his server and Port 21 on the destination box?

Cheers Richard Maher
Richard Whalen
Honored Contributor

Re: FTP Using SSL on OpenVMS

IPSec on port 21 might not meet his requirements. Though encrypting the traffic on port 21 would provide for security during user authentication, it would not provide security for data transfer, which occurs on ports that are negotiated between the client and server.

Encrypting the control port also has a potential problem when there are firewall and NAT devices in the path, as these devices may need to interpret the commands and replies in order to allow the data channel to be opened between the two systems. The RFCs include a command to change the control connection back to clear text after user authentication and data security set up so that data transfers can work across firewalls and NAT devices.
Richard J Maher
Trusted Contributor

Re: FTP Using SSL on OpenVMS

Hi Richard,

So does that mean anyone running NAT devices can't use IPsec? I'm guessing the Firewalls are more of a configuration issue or do they *need* to physically scrutinize the packets to make sure it's valid http, ftp, etc?

Look, I know you're probably very busy but they're asking for VMS Technical Journal articles again and I, for one, would like to see your thoughts on when one should be using: -

1) VPNs
2) IPsec
3) SSL
4) In the clear

Good advertising for Process Software so they should let you do it during hours! (And with HP's IPSec for TCP/IP services floundering, an opportune moment to beat the drum again?

Cheers Richard Maher

PS. What's that FTP software that doesn't do much but send an additional file.DONE file after the transfer? ConnectFTP? (A lot of money for seemingly not much but quite popular in London at least) Any impact/issues?
Hoff
Honored Contributor

Re: FTP Using SSL on OpenVMS

Reasonably recent NAT-capable firewalls can pass IPsec.

I expect Mr Whalen is referring to is the IPsec NAT Traversal (NAT-T) mechanisms.

Various firewalls are entirely capable of using IPsec to form a VPN between LANs, as well; firewall to firewall.

URLs:
http://en.wikipedia.org/wiki/NAT_traversal
http://www.microsoft.com/technet/community/columns/cableguy/cg0802.mspx
Richard Whalen
Honored Contributor

Re: FTP Using SSL on OpenVMS

I'm sure that I'd learn a few things while writing such an article!

"When" can be determined by the security requirements, the resources available, and the ease of use.