Closed Bug 85464 (ftps) Opened 22 years ago Closed 5 years ago
Support FTP over TLS/SSL (FTPS)
It would be nice to support SSL/FTP.
If you have any useful reading (RFC's, etc), please add them. QA could also use a list of servers you think we should test against.
Summary: Support SSL/FTP → [RFE] Support SSL/FTP
reassigning to firstname.lastname@example.org.
Assignee: dougt → bbaetz
Do you know of any server which implements this?
That was my next question.
I don't know whether this is the same. But I have a solaris server running which simply uses stunnel to encrypt all the ftp transfer. There are several clients which support this, like sftp on Linux and psftp (putty) for windows. I think for this kind of secure ftp, everything should be there already. The encryption is the same as for secure websites and we have ftp too.
No, stunnel is separate (although I guess it would be easy to support, for PASV at least)
*** Bug 130634 has been marked as a duplicate of this bug. ***
similar: bug 39714
I have no time to work on mozilla at the moment, so dougt is taking over FTP open ftp bugs -> him
Assignee: bbaetz → dougt
Setting OS=All and adding (SFTP) to summary to catch searches.
OS: Windows 2000 → All
Summary: Support SSL/FTP → Support SSL/FTP (SFTP)
See the following link for URI spec. http://www.ietf.org/internet-drafts/draft-ietf-secsh-scp-sftp-ssh-uri-01.txt Do we want to support all three of these protocols? (SCP, SFTP, and SSH) Currently I use mostly SSH.
The last two comments are misleading. This bug is about FTP over SSL (FTPS). SFTP is file transfer via SSH. Also the bugs this bug is blocking are about the latter. So I'm removing them.
I know of one server that supports this (ftps/995): http://www.sambar.com. I use CuteFTP's ftps capabilities in combination with this server and can atest to its functionality.
(In reply to comment #4) > Do you know of any server which implements this? any server with openSSH installation will support scp/sftp by default on recent installations: <http://www.openssh.org/>
(In reply to comment #4) > Do you know of any server which implements this? here is a list of distros which ship with openSSH (and scp/sftp): <http://www.openssh.org/users.html>
Simon's comment doesnt address point 4 because it asks about SSL, not SSH. I personally would rather see the pure SSL implementation sooner than SSH. SSL is used much more widely, and is built-in to the server products, whereas SSH is frequently a tunnel that has to be configured on the server (and is in fact built on openSSL). SSL is also more "industry strength" when it comes to key management and tools (signing, CRLs, critical-subjects), IMO . Its also the standard for imap/pop servers, in addition to www and ftp. And its tight integration with those server types allows them to actually interogate the protocol, so that they can reject connections with too-low cipher stregth, or perform client-cert verification. This is a far cry from the other protocols passive-tunnel setups. If a day comes around though when ssh is integrated into Mozilla, cool. Hopefully its first for would be in a shell-component. :-) My vote remains for SSL/TLS.
Can we cahnge the summary to be Support FTP over TLS/SSL (FTPS) (*not* SFTP) I'm thinking it could prevent more naming errors like we have in the comments. As for servers which support ftps, try WU. Yeah! I think wu-ftpd does TLS. Now I just can't remember if the RPM I installed shipped with its own pem or if I had to regenerate something. Hmm. It may have been Just That Easy, though, just an RPM to set up a valid test-server. Shout if you want me to open it for testing from a certain IP.
Here is a very good resource page on FTPS: http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html
Stupid question: How come that currently tls isn't supported for ftp? For any other protocol that a transport level security extension exists for (http,nntp,pop,imap,ldap, ...), this is supported by mozilla (fortunately - forcing users to transmit cleartext passwords is really a bad thing), so I guess most of the necessary code must already be there. little side note - in general, the use of a separate port with implicit encryption is deprecated in favor of an explicit negotiation. With other protocols, the separate port is more widespread, but in the case of ftp servers, "AUTH TLS" seems to be the more established than the use of port 990 for an encrypted command channel.
FWIW, filezilla server (http://filezilla.sf.net) supports FTPS using TLS negotiation.
mass reassigning to nobody.
Assignee: dougt → nobody
FTPS/FTPES-Support would be nice in Firefox and Thunderbird
This is really needed for a secure and convinient method way of file transfer.
Guys, random advocacy posts are going to fix this bug. All they do is make it harder for anyone trying to fix the bug to find any relevant posts within. https://bugzilla.mozilla.org/page.cgi?id=etiquette.html
*sigh* are *not* going to fix this bug
I think firefox has ftps support in it because fireftp uses it. But it fails with vsftd servers: https://bugzilla.mozilla.org/show_bug.cgi?id=478322
Yes ftps support seems to be built in but the firefox GUI does not use it.... Anyway mozilla seems to no be concerned about that, The bug you show has not been solved since more than five months. The fix could have been part of ff35.............
The fix for bug 660749 won't change anything in FTP, so if/when we support ftps:// we will have to make a similar change.
Depends on: CVE-2011-0082
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P5
For 17 years this has been asked. Wow, that must be a record of some sort :) So is this going to be stale until such point as you decide to remove FTP support entirely, with how you've been adding a pref for FTP now?
I have a public vsftpd server implementing ftp and ftpes protocol. It is only accessible over IPv6, however: ftpes://lavender.qlfiles.net I can view it using ftpes URL if I am in FileZilla, but not from Firefox. I am, however, using Firefox ESR 52.7.3.
I think we should mark this bug as WONTFIX. We have a vague plans of deprecating FTP completely in Firefox, there is no point in adding more code in this area.
(In reply to Tom Schuster [:evilpie] from comment #34) > I think we should mark this bug as WONTFIX. We have a vague plans of > deprecating FTP completely in Firefox, there is no point in adding more code > in this area. Yes, that sounds reasonable to me. Since we (sooner or later) would like to deprecate FTP completely, we should not add more code in that area to our codebase.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
(In reply to Bradley Baetz (:bbaetz) from comment #4) > Do you know of any server which implements this? The npm `ftp-srv` package implements this, same with the npm `ftp` client package. - https://www.npmjs.com/package/ftp-srv#api - https://www.npmjs.com/package/ftp#methods
You need to log in before you can comment on or make changes to this bug.