Use SSL with FTP (Explicit)

Explicit SSL uses the same port that regular FTP (21).

After regular connection, client explicitly asks the server to secure the connection. As the SSL/TLS protocols self-negotiate their levels, there is no need to distinguish between SSL and TLS.

You should use AuthTLS method to enable TLS/SSL for both data channel and control channel:

// C# version

using (Ftp client = new Ftp())
{
    client.Connect("ftp.example.org");

    client.AuthTLS();

    client.Login("username", "password");

    foreach (FtpItem item in client.GetList())
    {
        if (item.IsFolder == true)
            Console.WriteLine("[{0}]", item.Name);
        else
            Console.WriteLine("{0}", item.Name);
    }
    client.Close();
}
' VB.NET version

Using client As New Ftp()

    client.Connect("ftp.example.org")

    client.AuthTLS()

    client.Login("username", "password")

    For Each item As FtpItem In client.GetList()
        If item.IsFolder = True Then
            Console.WriteLine("[{0}]", item.Name)
        Else
            Console.WriteLine("{0}", item.Name)
        End If
    Next
    client.Close()
End Using

If your FTP server is using other port than standard 21, you need to use overloaded version of Connect

// C# version

client.Connect("ftp.example.org", 999);
' VB.NET version

client.Connect("ftp.example.org", 999)

The last sample shows how to deal with self-signed certificates:

// C# version

using (Ftp client = new Ftp())
{
    // Use this line to validate self-signed certificates:
    client.ServerCertificateValidate += ValidateCertificate;

    client.Connect("ftp.example.org");
    client.AuthTLS();
    client.Login("username", "password");

    foreach (FtpItem item in client.GetList())
    {
        if (item.IsFolder == true)
            Console.WriteLine("[{0}]", item.Name);
        else
            Console.WriteLine("{0}", item.Name);
    }
    client.Close();
}

private static void ValidateCertificate(
    object sender,
    ServerCertificateValidateEventArgs e)
{
    const SslPolicyErrors ignoredErrors =
        SslPolicyErrors.RemoteCertificateChainErrors |
        SslPolicyErrors.RemoteCertificateNameMismatch;

    if ((e.SslPolicyErrors & ~ignoredErrors) == SslPolicyErrors.None)
    {
        e.IsValid = true;
        return;
    }
    e.IsValid = false;
}
' VB.NET version

Using client As New Ftp()
    ' Use this line to validate self-signed certificates:
    AddHandler client.ServerCertificateValidate, AddressOf ValidateCerificate

    client.Connect("ftp.example.org")
    client.AuthSSL()
    client.Login("username", "password")

    For Each item As FtpItem In client.GetList()
        If item.IsFolder = True Then
            Console.WriteLine("[{0}]", item.Name)
        Else
            Console.WriteLine("{0}", item.Name)
        End If
    Next
    client.Close()
End Using

Private Sub ValidateCerificate( _
    ByVal sender As Object, _
    ByVal e As ServerCertificateValidateEventArgs)

    Const ignoredErrors As SslPolicyErrors = _
        SslPolicyErrors.RemoteCertificateChainErrors Or _
        SslPolicyErrors.RemoteCertificateNameMismatch

    If (e.SslPolicyErrors And Not ignoredErrors) = SslPolicyErrors.None Then
        e.IsValid = True
        Return
    End If
    e.IsValid = False
End Sub

Here you can download Ftp.dll: .NET FTP/FTPS component.

Tags: , , , , , ,

One Response to “Use SSL with FTP (Explicit)”

  1. andres Says:

    Thanks , great component

Questions?

Consider using our Q&A forum for asking any questions.