Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

FTP Using SSL on OpenVMS

SOLVED
Go to solution
Michael Gambardella
Occasional Advisor

FTP Using SSL on OpenVMS

Does TCPIP services for OpenVMS support FTP using SSL? I am running OpenVMS Alpha v8.2 and TCPIP v5.5 ECO 1.

I found a few references to using SSH but the target system I need to talk to only supports SSL.

Thanks,
/Mike
17 REPLIES
Duncan Morris
Honored Contributor

Re: FTP Using SSL on OpenVMS

Hi Mike,

see this page for details of SSL on OpenVMS:-

http://h71000.www7.hp.com/openvms/products/ssl/ssl_doc.html

Regards,

Duncan
Richard Whalen
Honored Contributor
Solution

Re: FTP Using SSL on OpenVMS

Are you asking for RFC4217 support? Do you need support for the client, server or both?

I don't know of anything for VMS that offers it.

http://www.ietf.org/rfc/rfc4217.txt?number=4217
Michael Gambardella
Occasional Advisor

Re: FTP Using SSL on OpenVMS

I am asking this for a customer who needs to xfer files from their VMS system using FTPS (FTP using SSL). I am not sure what the target system is except that it is running a tax collection application. They want to encrypt the data due to its sensitivity.

/Mike
Michael Gambardella
Occasional Advisor

Re: FTP Using SSL on OpenVMS

It looks like the customer wants to do something that is not supported with the VMS version of FTP.

Re: FTP Using SSL on OpenVMS

Did you ever find a version of FTPS for OpenVMS (either a client or server version.) We need the samething.
Hoff
Honored Contributor

Re: FTP Using SSL on OpenVMS

sftp (ftp over ssh) is available for OpenVMS. I've not seen ftps (ftp over ssl) around anywhere.

Re: FTP Using SSL on OpenVMS

>sftp (ftp over ssh) is available for >OpenVMS. I've not seen ftps (ftp over ssl) >around anywhere.

Yes, I know; but sftp for IBM mainframe systems are very costly (from what I have been told); so they use ftps. Just about every other operating system supports ftps and now that OpenSSL runs on openVMS seems like that would be the next logical step. So, I'll ask again. "Are there any plans for an ftps server for VMS that anyone knows about?"
Richard Whalen
Honored Contributor

Re: FTP Using SSL on OpenVMS

Process Software is working on this for a future version of TCPware and MultiNet. Release dates have not yet been forecasted.
Michael Gambardella
Occasional Advisor

Re: FTP Using SSL on OpenVMS

No I checked around and did not find any version of FTP for VMS that uses SSL. The info on Multinet is news to me and may be an option for my customer.
Steven Schweda
Honored Contributor

Re: FTP Using SSL on OpenVMS

> Do you need support for the client, server
> or both?

This still seems to me to be a good
question, or did I miss something?

Kermit seems to claim support for FTPS:

http://www.columbia.edu/kermit/ckermit80.html

o Support for secure URL protocols added:
telnets:, ftps:, https:.

I assume that that would be as a client.
(But what do I know?)

If I knew of an accessible FTPS server
somewhere, I might be able to run a test.

Re: FTP Using SSL on OpenVMS

Yes, I looked at Kermit and curl. Both clients. I really need a ftps server. Since VMS now supports SSL; this seems the next logical step. Can someone from VMS engineering comment on this?
Steven Schweda
Honored Contributor

Re: FTP Using SSL on OpenVMS

Roger tucker:
> I really need a ftps server.

Yeah, I guessed that from your earlier
request for "either a client or server
version". I was wondering about the fellow
who posted the original question.
Richard J Maher
Trusted Contributor

Re: FTP Using SSL on OpenVMS

Richard, it looks like Michael's running TCP/IP services, but if he was running Multinet could his immediate requirements not be satisfied by configuring IPsec between his server and Port 21 on the destination box?

Cheers Richard Maher
Richard Whalen
Honored Contributor

Re: FTP Using SSL on OpenVMS

IPSec on port 21 might not meet his requirements. Though encrypting the traffic on port 21 would provide for security during user authentication, it would not provide security for data transfer, which occurs on ports that are negotiated between the client and server.

Encrypting the control port also has a potential problem when there are firewall and NAT devices in the path, as these devices may need to interpret the commands and replies in order to allow the data channel to be opened between the two systems. The RFCs include a command to change the control connection back to clear text after user authentication and data security set up so that data transfers can work across firewalls and NAT devices.
Richard J Maher
Trusted Contributor

Re: FTP Using SSL on OpenVMS

Hi Richard,

So does that mean anyone running NAT devices can't use IPsec? I'm guessing the Firewalls are more of a configuration issue or do they *need* to physically scrutinize the packets to make sure it's valid http, ftp, etc?

Look, I know you're probably very busy but they're asking for VMS Technical Journal articles again and I, for one, would like to see your thoughts on when one should be using: -

1) VPNs
2) IPsec
3) SSL
4) In the clear

Good advertising for Process Software so they should let you do it during hours! (And with HP's IPSec for TCP/IP services floundering, an opportune moment to beat the drum again?

Cheers Richard Maher

PS. What's that FTP software that doesn't do much but send an additional file.DONE file after the transfer? ConnectFTP? (A lot of money for seemingly not much but quite popular in London at least) Any impact/issues?
Hoff
Honored Contributor

Re: FTP Using SSL on OpenVMS

Reasonably recent NAT-capable firewalls can pass IPsec.

I expect Mr Whalen is referring to is the IPsec NAT Traversal (NAT-T) mechanisms.

Various firewalls are entirely capable of using IPsec to form a VPN between LANs, as well; firewall to firewall.

URLs:
http://en.wikipedia.org/wiki/NAT_traversal
http://www.microsoft.com/technet/community/columns/cableguy/cg0802.mspx
Richard Whalen
Honored Contributor

Re: FTP Using SSL on OpenVMS

I'm sure that I'd learn a few things while writing such an article!

"When" can be determined by the security requirements, the resources available, and the ease of use.