FTP over TLS support lets you run FTP connections securely, with TLS encryption and certificate-based authentication. Apache mod_ftp implements RFC-compliant TLS support through Apache's own mod_ssl.
As the FTP protocol was developed long before security through encryption became an important consideration, it was originally designed as a clear-text protocol. Both the command channel and the data channel were, and in many cases remain, unencrypted. Today this is not desirable, since users' logins and passwords travel in the clear across the network and can be readily captured by anyone able to observe the traffic. Likewise, a user cannot easily detect a spoofed server, because the server has no way to identify itself by certificate.
To address these limitations, the FTP over TLS protocol was developed and became an Internet Standard described in RFC 4217. FTP over TLS uses a TLS connection upgrade: the client and server negotiate their features and capabilities first and then upgrade to an encrypted connection.
The mod_ftp module for the Apache HTTP Server aims to implement FTP over TLS as defined by RFC 4217. The RFC describes how the FTP client and server can discover each other's security capabilities and how a client can upgrade an FTP control channel to use TLS protection. This connection upgrade behavior, similar to the SMTP over TLS standard described in RFC 3207, allows an FTP over TLS server to run on the same port as a plaintext FTP server, and offer both plaintext and protected services simultaneously.
The FTP protocol specification dictates that it is up to the client to specify session attributes like the protection level. The server cannot require that the client use TLS, but it can refuse to accept any command from the client until it sends an AUTH TLS FTP command to upgrade the control channel to TLS protection. See the RequireSSL option, which makes the server refuse any FTP command until a TLS session is established.
The use of TLS allows both the server and client to identify themselves using standard SSL certificates. Generally, a certificate will be in use on the server, but the server can also be configured to request client-side certificates for authentication. RFC 4217 requires that the client send a USER command even if a certificate is presented, but the server may forego requiring a password from the client.
Since the FTP over TLS RFC was published only in 2005, several alternative approaches have arisen to secure file transfer connections. Besides the TLS connection upgrade on a normal FTP connection as defined by the RFC, another popular approach is to define a separate FTP control channel listener that can only be accessed over SSL. An SSL handshake has to be completed before even the first FTP protocol exchange can take place. This approach, known as Implicit SSL, is supported by mod_ftp. Finally, some FTP clients and servers support file transfer over SSH. This approach is not supported by mod_ftp.
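The control-channel behaviour described in the two passages above (refusing commands until AUTH TLS, the PBSZ/PROT negotiation for the data channel, and the certificate-authenticated login that still requires USER), as an added example that is not part of the mod_ftp documentation or its code: a small Python model of the server side of an RFC 4217 session. Assumptions of this model, not taken from the page: the TLS handshake itself is reduced to a flag, the server answers FEAT, AUTH and QUIT in the clear while the RequireSSL-style policy is active, and the policy refusal uses the 534 reply code from RFC 2228. An Implicit SSL listener corresponds to starting the session with `tls_active=True`, since the handshake precedes the first FTP exchange.

```python
"""Toy model of an RFC 4217 explicit FTP-over-TLS control channel.

Added example for this page, not mod_ftp code.  The TLS handshake is
abstracted to a flag; reply codes follow RFC 959/2228/4217 conventions,
and the 534 policy refusal is this model's choice (assumption).
"""
from dataclasses import dataclass

# Commands this model still answers in the clear while TLS is required:
# the client must be able to discover capabilities (FEAT), upgrade (AUTH)
# and leave (QUIT).  Which commands a real server permits is local policy.
PRE_TLS_ALLOWED = {"AUTH", "FEAT", "QUIT"}


@dataclass
class Session:
    require_tls: bool = True        # like mod_ftp's RequireSSL option
    tls_active: bool = False        # control channel upgraded to TLS?
    client_cert_verified: bool = False
    pbsz_done: bool = False         # PBSZ must precede PROT (RFC 4217)
    prot: str = "C"                 # data channel: C = clear, P = private
    user: str = ""
    logged_in: bool = False


def handle(s: Session, line: str, client_cert_verified: bool = False) -> str:
    """Process one control-channel command and return the server reply."""
    verb, _, arg = line.strip().partition(" ")
    verb, arg = verb.upper(), arg.strip()

    # Policy: nothing but the upgrade path is served on a clear channel.
    if s.require_tls and not s.tls_active and verb not in PRE_TLS_ALLOWED:
        return "534 Policy requires a TLS session; send AUTH TLS first"

    if verb == "FEAT":
        return "211-Features:\r\n AUTH TLS\r\n PBSZ\r\n PROT\r\n211 End"
    if verb == "AUTH":
        if arg.upper() != "TLS":
            return "504 Unknown security mechanism"
        if s.tls_active:
            return "503 TLS is already active on this connection"
        # The TLS handshake would follow this reply; here it is a flag, and
        # whether the handshake verified a client certificate is passed in.
        s.tls_active = True
        s.client_cert_verified = client_cert_verified
        return "234 AUTH TLS successful"
    if verb == "PBSZ":
        if not s.tls_active:
            return "503 PBSZ requires an active TLS session"
        s.pbsz_done = True
        return "200 PBSZ=0"          # TLS needs no buffer size; always 0
    if verb == "PROT":
        if not s.pbsz_done:
            return "503 PBSZ must precede PROT"
        if arg.upper() not in ("C", "P"):
            return "536 Requested PROT level not supported"
        s.prot = arg.upper()
        return f"200 Protection level set to {s.prot}"
    if verb == "USER":
        s.user = arg
        # RFC 4217: USER is always required, but a verified client
        # certificate lets the server skip the password.
        if s.client_cert_verified:
            s.logged_in = True
            return f"230 User {arg} logged in via client certificate"
        return "331 Password required"
    if verb == "PASS":
        if not s.user:
            return "503 Login with USER first"
        s.logged_in = True
        return f"230 User {s.user} logged in"
    if verb == "QUIT":
        return "221 Goodbye"
    return "502 Command not implemented"


def run_exchange(lines, client_cert_verified=False):
    """Feed a scripted client conversation through one fresh session."""
    s = Session()
    return [(cmd, handle(s, cmd, client_cert_verified)) for cmd in lines]


if __name__ == "__main__":
    # Constructed client script: a premature USER, then the proper upgrade.
    script = ["USER alice", "FEAT", "AUTH TLS", "PBSZ 0", "PROT P",
              "USER alice", "PASS s3cret", "QUIT"]
    for cmd, reply in run_exchange(script):
        print(f"C> {cmd}\nS> {reply.splitlines()[0]}")
```

Running the script shows the premature USER being refused with 534, the upgrade succeeding with 234, PROT P being rejected until PBSZ 0 has been sent, and the ordinary 331/230 login afterwards; calling `run_exchange(["AUTH TLS", "USER bob"], client_cert_verified=True)` shows the certificate-authenticated login answering USER with 230 directly.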
To implement TLS, mod_ftp uses Apache's mod_ssl.
The configuration below is similar to the one above, except for the 990. The data, since the conversation starts with an SSL handshake from the client.
An ever-growing number of FTP clients implement FTP over TLS, and listing them all is outside the scope of this document. A list can be found on Wikipedia. When selecting a client, do keep in mind that the FTP over SSH protocol (sometimes also called SFTP) is not supported by mod_ftp.