
I am developing an FTPS client on an embedded system with the LWIP and mbedTLS stacks.

For now, what I do is:

  • Get an IP address with DHCP
  • Get the IP address of the server with DNS
  • Start a TCP connection to the server (the control connection)
  • Tell the FTP server that I want to work with the TLS protocol with the command AUTH TLS
  • Handshake of the TLS protocol with the server
  • Validate the X.509 certificate that the server sends
  • Tell the client that I want to work in passive mode and that I want to read a file with the command RETR.

Now, I need to open a data connection to read my file. So what I wanted to know is: is the data connection secured in the same way the control connection is? That means, do I have a certificate to validate? Is the handshake the same?

If this isn't clear let me know; I'm not an expert at all in this area.

Thank you for your future responses.

Manu53

1 Answer

In an explicit FTPS connection, after you send the AUTH command, the data connection is secured all the way. Depending on Active/Passive connection, the data connection is opened through port 20 (Active) or some random negotiated port (Passive).

You don't need any extra handshakes as far as I know.

You might or might not be able to configure whether you want to reuse the same session ID created when opening the control channel. This is for the server to know that the data connection has been established by the same client which opened the control channel. Some servers require this, some servers allow this, some servers do not support this.

Jokkeri
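An added example, not code from the question or the answer, of the server-reply handling the passive-mode step needs in a C client like the LWIP/mbedTLS one described above. The 227 reply format and the command sequence follow RFC 959 and RFC 4217; the sample replies are constructed, and refusing a data address that differs from the control connection's peer is a client policy assumed here, not a protocol rule.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Data endpoint from a "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply
 * (RFC 959). In explicit FTPS (RFC 4217) the client sends AUTH TLS, finishes
 * the TLS handshake on the control socket, then PBSZ 0 and PROT P before PASV
 * and RETR; under PROT P each data socket gets its own TLS handshake (a second
 * mbedtls_ssl_context over the new LWIP socket). */
typedef struct {
    uint8_t  ip[4];
    uint16_t port;
} pasv_target_t;

/* Parse the 227 reply. The text is server-supplied input, so every field is
 * bounds-checked: exactly six decimal octets, each <= 255, closed by ')'. */
bool parse_pasv_reply(const char *reply, pasv_target_t *out)
{
    if (reply == NULL || out == NULL || strncmp(reply, "227", 3) != 0) return false;
    const char *p = strchr(reply, '(');
    if (p == NULL) return false;
    unsigned v[6];
    p++;
    for (int i = 0; i < 6; i++) {
        if (*p < '0' || *p > '9')
            return false;               /* empty field or junk */
        unsigned n = 0;
        while (*p >= '0' && *p <= '9') {
            n = n * 10 + (unsigned)(*p - '0');
            if (n > 255)
                return false;           /* octet out of range */
            p++;
        }
        if (*p != (i < 5 ? ',' : ')'))
            return false;               /* bad separator or unterminated */
        v[i] = n;
        p++;
    }
    for (int i = 0; i < 4; i++) out->ip[i] = (uint8_t)v[i];
    out->port = (uint16_t)((v[4] << 8) | v[5]);
    return out->port != 0;
}

/* Client policy assumed here: only connect the data socket to the host the
 * control connection already talks to, so a reply cannot redirect the transfer. */
bool pasv_target_allowed(const pasv_target_t *t, const uint8_t control_peer[4])
{
    return memcmp(t->ip, control_peer, 4) == 0;
}
```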