|
I was debugging the FTPAPI utility for implementing new FTP SSL functionality through sockets that was using standard FTP instead of passive by default. When I got the "500 Illegal PORT command" trying to list files, I tried the IBM FTP client with the SENDPASV 0. I got the same error on the "ls". FTP'ing to an outside non-SSL site was fine for standard FTP (non-passive). So, I should always make sure I use passive like the default on the IBM FTP client for at least that particular secure SSL site. I heard the apache FTP server only allows passive connections for encrypted data connections. It appears the bank site I am trying to connect to only allows passive data connections. I still get the error when using *CLEAR for the data protection. I heard that passive connections are recommended for SSL FTP data connections. I wasn't even going to try to program the utility to allow SSL FTP on standard FTP connections since it was complex, possibly rare, and I couldn't even test. I wonder if most secure sites make passive data connections mandatory. Is standard (non-passive) FTP SSL something that should never be done? Also, IBM changed their data connection mode default from standard to passive at V4R2M0. I am assuming most people don't have the QUSRSYS/QTMFTPPASV data area isn't installed to override this. I think passive is usually preferred so the remote server doesn't get blocked by the client's firewall on connection. In passive mode, the client opens another connection to the server specified by the server. Is standard FTP becoming obsolete due to firewall restrictions? Are most sites required to support passive mode? Craig Strong
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.