CCC - Clear Command Channel

Advertisement

glauber
Joined:
Posts:
7
Location:
Chicago Area, USA

CCC - Clear Command Channel

Would it be possible to implement the CCC command (RFC2228) to remove encryption from the command channel of an encrypted FTP connection after authentication?

There are a few servers, unfortunately, that require this.

Thank you,

glauber

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
27,226
Location:
Prague, Czechia

Re: CCC - Clear Command Channel

Thanks for your post. This request has been added to tracker.
_________________
Martin Prikryl

Reply with quote

glauber
Joined:
Posts:
7
Location:
Chicago Area, USA

CCC

Thank you for considering this. I've been keeping a certain commercial product around just because of lack of support for this feature in open source products. CCC requirement is, unfortunately, rather common for FTP/SSL servers that interact with firewalls (because firewalls need to be able to read and respond to "PORT" commands).

If i may make a further suggestion, the way i see this could work, is a checkbox or advanced option to "turn off command channel encryption after authentication". There should never be a need to turn off encryption before authentication IMHO, and there should never be a need to turn off encryption on the data channel.

Thanks again,

glauber

Reply with quote

banto
Guest

Re: CCC

glauber wrote:

banto wrote:

Did this get solved???
Does WinSCP support CCC?

Thanks

Not yet.

g

I found another program that supports CCC, everything is working, but I don't want to use that program. Btw, Filezilla does not support CCC either, they said there are to many security issues, like a hacker could overtake a session.

Any thoughts about this?

Reply with quote

glauber
Joined:
Posts:
7
Location:
Chicago Area, USA

Re: CCC

banto wrote:


I found another program that supports CCC, everything is working, but I don't want to use that program. Btw, Filezilla does not support CCC either, they said there are to many security issues, like a hacker could overtake a session.

Any thoughts about this?
Thoughts?

(1) In a perfect world, we wouldn't need CCC, but this is not a perfect world.

(2) IMHO, that danger is overstated. Certainly the danger is less than with plain unencrypted FTP (which Filezilla is happy to support).

(3) The developer of Filezilla has very strong feelings about this and is not likely to change his mind. Filezilla is his app and he has the right to do what he wants with it. It's an excellent app if you don't need this feature.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,226
Location:
Prague, Czechia

jpadgett wrote:

Any chance this has been added to WinSCP since the last post?
Was not.
_________________
Martin Prikryl

Reply with quote

matej sk
Joined:
Posts:
3

Re: CCC - Clear Command Channel

Any chance this feature will be implemented? I would greatly appreciate being able to pass through application-aware firewalls.
Thanks.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,226
Location:
Prague, Czechia

Re: CCC - Clear Command Channel

matej sk wrote:

Any chance this feature will be implemented? I would greatly appreciate being able to pass through application-aware firewalls.
Thanks.
I have raised priority of this request.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,226
Location:
Prague, Czechia

Re: CCC - clear command channel

rradnay wrote:

Has this feature been implemented?
Not yet. What is your use case?

Reply with quote

Advertisement

You can post new topics in this forum