On Wed, 5 Nov 2003, Maciej Soltysiak wrote:

> > Isn't 443 SSL over HTTP? :)
> You can use SSL over anything.

Not quite. You can use almost anything over SSL rather than the reverse.

> telnet over SSL is called ssh.

No, it is not. SSH is also based on SSL but it is not just telnet over SSL.
Telnet over SSL is telnet over SSL.

> > SSL FTP client (does anybody use this?)
> Sure, some people use this. (Not me, yet) It works like ftp or http -
> requires to exchange an x.509 certificate and then goes on with an encrypted
> connection.

And it can be used to encrypt only the control stream, or both the data and
control streams.

> I have not been using that ssl ftp, but I am sure it is not sftp, nor
> OpenSSH related.

And you are right :) I use the 'lftp' client to connect to SSL protected FTP.

> > If using the latter however, given that the channel will be encrypted, I
> > don't see how this conntrack would work at all.
> If ftp-control is encrypted too, connection tracking is impossible.
> And doing rewriting over nat even more impossible.

I'm not sure if one can encrypt only ftp-data. In the 'lftp' configuration
there is an option to optionally encrypt ftp-data, and ftp-control is always
encrypted when using SSL.

The latest draft on the topic is at:
http://www.ietf.org/internet-drafts/draft-murray-auth-ftp-ssl-12.txt

Regards
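
The point discussed in this thread, that a connection-tracking helper loses sight of the data connection once ftp-control is encrypted, shown as an added example that is not part of the original message and is not netfilter's code. The function names and both sample sessions are constructed; it assumes the client requests TLS with AUTH and the server accepts with a 234 reply, as in the draft cited above.

```python
import re

# Plaintext control lines that announce the data endpoint:
# "PORT h1,h2,h3,h4,p1,p2" (client, active) and the 227 reply (server, passive).
_PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n")
_PASV_RE = re.compile(rb"^227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_endpoint(line: bytes):
    """Return (ip, port) announced on the control channel, or None."""
    m = _PORT_RE.match(line) or _PASV_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet: refuse to create an expectation
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def track(control_stream):
    """Simulate a helper reading control-channel payloads in order.
    Returns (expected data endpoints, True if the channel became opaque)."""
    expected, auth_pending, opaque = [], False, False
    for direction, payload in control_stream:
        if opaque:
            continue  # TLS records: nothing to parse and nothing to rewrite for NAT
        if direction == "c2s" and payload.upper().startswith(b"AUTH "):
            auth_pending = True
        elif direction == "s2c" and auth_pending:
            auth_pending = False
            opaque = payload.startswith(b"234")  # server accepted; TLS starts next
        else:
            endpoint = parse_endpoint(payload)
            if endpoint:
                expected.append(endpoint)
    return expected, opaque

# Constructed sample sessions (documentation addresses, made-up TLS bytes).
PLAIN_SESSION = [
    ("c2s", b"USER demo\r\n"), ("s2c", b"331 Password required\r\n"),
    ("c2s", b"PASV\r\n"),
    ("s2c", b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"),
]
TLS_SESSION = [
    ("c2s", b"AUTH TLS\r\n"), ("s2c", b"234 AUTH TLS successful\r\n"),
    ("c2s", b"\x16\x03\x01\x00\x04" + bytes(4)),    # handshake record
    ("s2c", b"\x17\x03\x01\x00\x30" + bytes(48)),   # encrypted 227 reply
]

if __name__ == "__main__":
    print(track(PLAIN_SESSION))
    print(track(TLS_SESSION))
```

In the TLS session the helper can still tell that encryption was negotiated, which is the only signal left for a firewall policy to act on.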