Closed Bug 85464 (ftps) Opened 23 years ago Closed 6 years ago

Support FTP over TLS/SSL (FTPS)

Categories

(Core Graveyard :: Networking: FTP, enhancement, P5)

Product:
Core Graveyard
Component:
Networking: FTP
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX
Milestone:
Future

People

(Reporter: lord, Unassigned)

References

(Blocks 1 open bug,
URL
)

Details

(Keywords: helpwanted, Whiteboard: [necko-would-take]) 

It would be nice to support SSL/FTP.
Keywords: helpwanted
Target Milestone: --- → Future
If you have any useful reading (RFC's, etc), please add them. QA could also use
a list of servers you think we should test against.
Summary: Support SSL/FTP → [RFE] Support SSL/FTP
reassigning to bbaetz@cs.mcgill.ca.
Assignee: dougt → bbaetz
Do you know of any server which implements this?
QA Contact: tever → benc
That was my next question.
I don't know whether this is the same. But I have a solaris server running which
simply uses stunnel to encrypt all the ftp transfer. There are several clients
which support this, like sftp on Linux and psftp (putty) for windows. I think
for this kind of secure ftp, everything should be there already. The encryption
is the same as for secure websites and we have ftp too.
No, stunnel is separate (although I guess it would be easy to support, for PASV
at least)
*** Bug 130634 has been marked as a duplicate of this bug. ***
similar: bug 39714
I have no time to work on mozilla at the moment, so dougt is taking over FTP

open ftp bugs -> him
Assignee: bbaetz → dougt
Summary: [RFE] Support SSL/FTP → Support SSL/FTP
Setting OS=All and adding (SFTP) to summary to catch searches.
OS: Windows 2000 → All
Summary: Support SSL/FTP → Support SSL/FTP (SFTP)
Blocks: 179456
Blocks: 231457
See the following link for URI spec.

http://www.ietf.org/internet-drafts/draft-ietf-secsh-scp-sftp-ssh-uri-01.txt

Do we want to support all three of these protocols? (SCP, SFTP, and SSH)
Currently I use mostly SSH. 

The last two comments are misleading. This bug is about FTP over SSL (FTPS). 

SFTP is file transfer via SSH. Also the bugs this bug is blocking are about the
latter. So I'm removing them.
No longer blocks: 179456, 231457
URL: http://www.ford-hutchinson.com/~fh-1-...
Summary: Support SSL/FTP (SFTP) → Support FTP over TLS/SSL (FTPS)
Blocks: 245908
I know of one server that supports this (ftps/995): http://www.sambar.com. I use
CuteFTP's ftps capabilities in combination with this server and can atest to its
functionality.
(In reply to comment #4)
> Do you know of any server which implements this?

any server with openSSH installation will support scp/sftp by default on recent
installations:
<http://www.openssh.org/>
(In reply to comment #4)
> Do you know of any server which implements this?

here is a list of distros which ship with openSSH (and scp/sftp):
<http://www.openssh.org/users.html>
Simon's comment doesnt address point 4 because it asks about SSL, not SSH.

I personally would rather see the pure SSL implementation sooner than SSH. SSL
is used much more widely, and is built-in to the server products, whereas SSH is
frequently a tunnel that has to be configured on the server (and is in fact
built on openSSL). SSL is also more "industry strength" when it comes to key
management and tools (signing, CRLs, critical-subjects), IMO . Its also the
standard for imap/pop servers, in addition to www and ftp. And its tight
integration with those server types allows them to actually interogate the
protocol, so that they can reject connections with too-low cipher stregth, or
perform client-cert verification. This is a far cry from the other protocols
passive-tunnel setups.

If a day comes around though when ssh is integrated into Mozilla, cool.
Hopefully its first for would be in a shell-component. :-) My vote remains for
SSL/TLS.
Can we cahnge the summary to be 

              Support FTP over TLS/SSL (FTPS) (*not* SFTP)

I'm thinking it could prevent more naming errors like we have in the comments.

As for servers which support ftps, try WU.  Yeah!  I think wu-ftpd does TLS. 
Now I just can't remember if the RPM I installed shipped with its own pem or if
I had to regenerate something.  Hmm.  It may have been Just That Easy, though,
just an RPM to set up a valid test-server.  Shout if you want me to open it for
testing from a certain IP.
Here is a very good resource page on FTPS:

http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html
Stupid question: How come that currently tls isn't supported for ftp?
For any other protocol that a transport level security extension exists
for (http,nntp,pop,imap,ldap, ...), this is supported by mozilla 
(fortunately - forcing users to transmit cleartext passwords is really
a bad thing), so I guess most of the necessary code must already be there.

little side note - in general, the use of a separate port with implicit
encryption is deprecated in favor of an explicit negotiation. With other
protocols, the separate port is more widespread, but in the case of ftp
servers, "AUTH TLS" seems to be the more established than the use of
port 990 for an encrypted command channel.
FWIW, filezilla server (http://filezilla.sf.net) supports FTPS using TLS negotiation.
mass reassigning to nobody.
Assignee: dougt → nobody
FTPS/FTPES-Support would be nice in Firefox and Thunderbird
This is really needed for a secure and convinient method way of file transfer.
Guys, random advocacy posts are going to fix this bug. All they do is make it harder for anyone trying to fix the bug to find any relevant posts within.
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html
*sigh* are *not* going to fix this bug
I think firefox has ftps support in it because fireftp uses it. But it fails with vsftd servers: https://bugzilla.mozilla.org/show_bug.cgi?id=478322
Yes ftps support seems to be built in but the firefox GUI does not use it....

Anyway mozilla seems to no be concerned about that, The bug you show has not been solved since more than five months. The fix could have been part of ff35.............
The fix for bug 660749 won't change anything in FTP, so if/when we support ftps:// we will have to make a similar change.
Depends on: CVE-2011-0082
Whiteboard: [necko-would-take]
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P5
For 17 years this has been asked. Wow, that must be a record of some sort :)
So is this going to be stale until such point as you decide to remove FTP support entirely, with how you've been adding a pref for FTP now?
I have a public vsftpd server implementing ftp and ftpes protocol. It is only accessible over IPv6, however:

ftpes://lavender.qlfiles.net

I can view it using ftpes URL if I am in FileZilla, but not from Firefox. I am, however, using Firefox ESR 52.7.3.
Blocks: 1463440
Blocks: https-everything
See Also: → 1429023
I think we should mark this bug as WONTFIX. We have a vague plans of deprecating FTP completely in Firefox, there is no point in adding more code in this area.
Flags: needinfo?(ckerschb)
(In reply to Tom Schuster [:evilpie] from comment #34)
> I think we should mark this bug as WONTFIX. We have a vague plans of
> deprecating FTP completely in Firefox, there is no point in adding more code
> in this area.

Yes, that sounds reasonable to me. Since we (sooner or later) would like to deprecate FTP completely, we should not add more code in that area to our codebase.
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(ckerschb)
Resolution: --- → WONTFIX
Blocks: 1438713
No longer depends on: CVE-2011-0082
(In reply to Bradley Baetz (:bbaetz) from comment #4)
> Do you know of any server which implements this?

The npm `ftp-srv` package implements this, same with the npm `ftp` client package.

- https://www.npmjs.com/package/ftp-srv#api
- https://www.npmjs.com/package/ftp#methods
Alias: ftps
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.