curl-library

Re: forcing TLS FTP

From: Daniel Stenberg <daniel-curl_at_haxx.se>
Date: Sat, 2 Apr 2005 22:52:52 +0200 (CEST)

On Sat, 2 Apr 2005, Ivan Makale wrote:

> I'm trying SSL-TLS FTP with the curl library. Now I need to understand
> better if I can force TLS (for now only server authentication).

It depends slightly on what you mean by "force TLS"?

> From the documentation, I understand that
>
> curl_easy_setopt(curl, CURLOPT_FTPSSLAUTH, CURLFTPAUTH_TLS);
>
> makes curl try first TLS and, if it fails, SSL in a second trial.

... as parameter to the AUTH function sent to the FTP server, yes. It does not
control the actual secure layer version (SSL or TLS) or anything.

> If I add the option
>
> curl_easy_setopt(curl, CURLOPT_SSLVERSION, 1);
>
> does it force TLS, disabling the SSL second trial? If not, are there any
> other ways to do it?

I recommend using CURL_SSLVERSION_TLSv1 instead of '1'.

But yes, that'll make OpenSSL assume and use TLSv1 when negotiating the secure
transport.

The "SSL second trial" is FTP-protocol oriented while CURLOPT_SSLVERSION is
SSL-protocol oriented, so CURLOPT_SSLVERSION does not disable "AUTH SSL" if
"AUTH TLS" fails.

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2005-04-02
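
An added example (not part of the original mail and not curl's own code): since the AUTH TLS / AUTH SSL choice is made on the FTP control channel, independently of CURLOPT_SSLVERSION, a control-channel trace shows which mechanism the server actually accepted. The helper name `audit_ftp_auth`, the "> command" / "< reply" line format and the sample trace are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Outcome of the FTP-level AUTH negotiation seen in a control-channel trace. */
enum auth_result { AUTH_NONE, AUTH_TLS_OK, AUTH_SSL_ACCEPTED, AUTH_REFUSED };

/* Walk a trace of "> command" / "< reply" lines (assumed format) and report
 * which AUTH mechanism the server accepted. Reply code 234 means the server
 * accepted the requested security mechanism (RFC 2228 / RFC 4217).
 * *cleartext_login is set to 1 if USER was sent before any AUTH succeeded. */
enum auth_result audit_ftp_auth(const char *trace, int *cleartext_login)
{
    enum auth_result res = AUTH_NONE;
    char pending[8] = "";          /* mechanism of the AUTH awaiting a reply */
    int secured = 0;
    *cleartext_login = 0;

    for (const char *p = trace; *p; ) {
        size_t len = strcspn(p, "\n");
        if (len >= 10 && strncmp(p, "> AUTH ", 7) == 0) {
            snprintf(pending, sizeof pending, "%.3s", p + 7);
        } else if (strncmp(p, "< ", 2) == 0 && pending[0]) {
            if (strncmp(p + 2, "234", 3) == 0) {
                secured = 1;
                if (strcmp(pending, "TLS") == 0) res = AUTH_TLS_OK;
                else if (strcmp(pending, "SSL") == 0) res = AUTH_SSL_ACCEPTED;
            } else if (!secured) {
                res = AUTH_REFUSED;
            }
            pending[0] = '\0';
        } else if (strncmp(p, "> USER ", 7) == 0 && !secured) {
            *cleartext_login = 1;  /* login went out on an unprotected channel */
        }
        p += len;
        if (*p == '\n') p++;
    }
    return res;
}

int main(void)
{
    /* Constructed trace: the server rejects AUTH TLS, then accepts AUTH SSL. */
    const char *fallback = "< 220 ready\n> AUTH TLS\n< 504 unknown mechanism\n"
                           "> AUTH SSL\n< 234 AUTH SSL ok\n> USER demo\n";
    int clear;
    enum auth_result r = audit_ftp_auth(fallback, &clear);
    printf("result=%d cleartext_login=%d\n", r, clear);
    return 0;
}
```

A result of `AUTH_SSL_ACCEPTED` on a client configured with CURLFTPAUTH_TLS indicates the FTP-level fallback described above took place, whatever CURLOPT_SSLVERSION was set to.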