You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

This document explains how to enable Apache FTP Server to use Transport Layer Security (TLS) for encrypted client-server communication.

FtpServer uses the Java Secure Sockets Extension (JSSE) infrastructure to provide TLS/SSL sockets. JSSE comes packaged with several vendor Java distributions (i.e. Sun Java 1.4.x, IBM Java 1.3.x). For these distributions, please follow the vendor provided instructions for configuring the JVM to use JSSE services.

Security mode

Explicit Security (default)

In this mode server supports both secure and non-secure connection. Upon request from client (AUTH SSL) the server switches to the SSL/TLS mode.

In this case, the listener should not use implicit SSL (the default value):

<nio-listener name="default" implicit-ssl="false">

Implicit Security

If you want to use implicit SSL connection, that is, SSL is always enabled on the control socket. The first thing you need to do is to tell the listener to use implicit SSL mode:

<nio-listener name="default" implicit-ssl="true">

Data connection security

Implicit secure socket does not ensure encrypted data transfer. To use SSL/TLS in data connection, client has to send "PROT P" command. You also need to set the SSL configuration parameters as described below. Encrypted data transfer is supported for FTP passive (PASV) mode only.

  • No labels