ZHUANG YUYAO zhuangyy@netease.com wrote on 28-07-2005 06:10:04:
Hi,
I am thinking about adding ftp protocol support to stunnel4. first, some restrictions to simplify the implimentation:
...
- only support FTP implicit SSL and PASSIVE mode;
I would strongly discourage you from adopting FTP with implicit SSL. As I write, ftp://ftp.isi.edu/internet-drafts/draft-murray-auth-ftp-ssl-16.txt is three slots from the top of the RFC editor's queue, meaning it is likely to become in RFC in the next few weeks. This specifies that implicit SSL is deprecated, and this was done because the IETF disapproves of implicit SSL in principle (I believe HTTPS slipped through because it was a de-facto standard by the time it was written up as an RFC).
I'm not sure how you could implement explicit SSL using stunnel without putting some very FTP specific code right into stunnel. There are a few implementations of FTPS to FTP proxies out there already however: http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html#proxy