Use SSL with FTP (Explicit)

Explicit SSL uses the same port as regular FTP (21).

After establishing a regular connection, the client explicitly asks the server to secure it by sending the “AUTH TLS” command.
Because the SSL/TLS protocols negotiate their versions themselves, there is no need to distinguish between SSL and TLS.

Use the AuthTLS method to enable TLS/SSL for both the data channel and the control channel:

// C# version

using (Ftp client = new Ftp())
{
    client.Connect("ftp.example.org");

    client.AuthTLS();

    client.Login("username", "password");

    foreach (FtpItem item in client.GetList())
    {
        if (item.IsFolder == true)
            Console.WriteLine("[{0}]", item.Name);
        else
            Console.WriteLine("{0}", item.Name);
    }
    client.Close();
}

' VB.NET version

Using client As New Ftp()

    client.Connect("ftp.example.org")

    client.AuthTLS()

    client.Login("username", "password")

    For Each item As FtpItem In client.GetList()
        If item.IsFolder = True Then
            Console.WriteLine("[{0}]", item.Name)
        Else
            Console.WriteLine("{0}", item.Name)
        End If
    Next
    client.Close()
End Using

If your FTP server uses a port other than the standard 21, use the overloaded version of Connect:

// C# version

client.Connect("ftp.example.org", 999);

' VB.NET version

client.Connect("ftp.example.org", 999)

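The last sample shows how to deal with self-signed certificates. Its handler ignores certificate chain errors and name mismatches, so the connection is encrypted but any certificate the server presents is accepted, not only your own self-signed one: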

// C# version

using (Ftp client = new Ftp())
{
    // Use this line to accept self-signed certificates
    // (SslPolicyErrors requires: using System.Net.Security;):
    client.ServerCertificateValidate += ValidateCertificate;

    client.Connect("ftp.example.org");
    client.AuthTLS();
    client.Login("username", "password");

    foreach (FtpItem item in client.GetList())
    {
        if (item.IsFolder == true)
            Console.WriteLine("[{0}]", item.Name);
        else
            Console.WriteLine("{0}", item.Name);
    }
    client.Close();
}

private static void ValidateCertificate(
    object sender,
    ServerCertificateValidateEventArgs e)
{
    const SslPolicyErrors ignoredErrors =
        SslPolicyErrors.RemoteCertificateChainErrors |
        SslPolicyErrors.RemoteCertificateNameMismatch;

    if ((e.SslPolicyErrors & ~ignoredErrors) == SslPolicyErrors.None)
    {
        e.IsValid = true;
        return;
    }
    e.IsValid = false;
}

' VB.NET version

Using client As New Ftp()
    ' Use this line to accept self-signed certificates:
    AddHandler client.ServerCertificateValidate, AddressOf ValidateCertificate

    client.Connect("ftp.example.org")
    client.AuthTLS()
    client.Login("username", "password")

    For Each item As FtpItem In client.GetList()
        If item.IsFolder = True Then
            Console.WriteLine("[{0}]", item.Name)
        Else
            Console.WriteLine("{0}", item.Name)
        End If
    Next
    client.Close()
End Using

Private Sub ValidateCertificate( _
    ByVal sender As Object, _
    ByVal e As ServerCertificateValidateEventArgs)

    Const ignoredErrors As SslPolicyErrors = _
        SslPolicyErrors.RemoteCertificateChainErrors Or _
        SslPolicyErrors.RemoteCertificateNameMismatch

    If (e.SslPolicyErrors And Not ignoredErrors) = SslPolicyErrors.None Then
        e.IsValid = True
        Return
    End If
    e.IsValid = False
End Sub
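
A stricter handler can accept a self-signed certificate only when its fingerprint matches a value recorded out of band when the server was set up. The following is an added example, not part of Ftp.dll or the original samples: the class `PinnedCertificateCheck`, its methods and the `e.Certificate` property named in the wiring comment are assumptions, and the certificates created in `Main` are constructed test input.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedCertificateCheck
{
    // SHA-256 over the DER-encoded certificate, as uppercase hex.
    public static string Fingerprint(X509Certificate certificate)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(certificate.GetRawCertData())).Replace("-", "");
    }

    // Accepts a certificate that validates normally, or one whose fingerprint
    // equals the pinned value for this server. Everything else is rejected.
    public static bool IsTrusted(X509Certificate certificate, SslPolicyErrors errors, string pinnedSha256)
    {
        if (certificate == null || (errors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
            return false;                       // no certificate presented
        if (errors == SslPolicyErrors.None)
            return true;                        // chain and host name already verified
        string pin = pinnedSha256.Replace(":", "").Replace(" ", "");
        return string.Equals(Fingerprint(certificate), pin, StringComparison.OrdinalIgnoreCase);
    }

    // Wiring into the handler shown above (assumption: the event args expose
    // the presented certificate as e.Certificate):
    //   e.IsValid = PinnedCertificateCheck.IsTrusted(e.Certificate, e.SslPolicyErrors, pin);
    static X509Certificate2 MakeSelfSigned(string subject)   // constructed test input
    {
        using (RSA key = RSA.Create(2048))
        {
            var request = new CertificateRequest(subject, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return request.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
        }
    }

    static void Main()
    {
        const SslPolicyErrors selfSigned = SslPolicyErrors.RemoteCertificateChainErrors;
        using (X509Certificate2 server = MakeSelfSigned("CN=ftp.example.org"))
        using (X509Certificate2 other = MakeSelfSigned("CN=ftp.example.org"))
        {
            string pin = Fingerprint(server);   // in practice, recorded when the server was set up
            Console.WriteLine(IsTrusted(server, selfSigned, pin));  // the pinned certificate
            Console.WriteLine(IsTrusted(other, selfSigned, pin));   // same name, different key
        }
    }
}
```

The second certificate carries the same subject name as the first but a different key, which is the case the permissive handler cannot tell apart from the real server.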

Here you can download Ftp.dll: .NET FTP/FTPS component.


One Response to “Use SSL with FTP (Explicit)”

  1. andres Says:

    Thanks, great component