Question:

We are about using Chilkat C++ library for an FTPS connection.  I read on online documentation that there is method CkFtp2::put_AuthTls which allows setting TLS connection.

Some questions about client behavior according to this method:

  1. if we don’t call this method, transmission is in clear text? Is it equivalent to CkFtp2::put_AuthTls(false)?
  2. If  we call this method with parameter true CkFtp2::put_AuthTls(true) is it forced to TLS? Or just tells the client trying to connect with cryptography if server is allowed to, but if server neglects encrypted connection client automatically switches to clear text connection?

Answer:

The AuthTls and AuthSsl properties control wither Chilkat uses explicit SSL/TLS.   An explicit secure connection (as opposed to implicit) is when the TCP connection is established and then the client sends a command to convert to TLS.   The “AUTH TLS” command is sent when AuthTls is true.  The AUTH TLS command causes both sides to initiate the TLS handshake to convert the connection to TLS. The AuthSsl command does the same, except it uses the older “AUTH SSL” command.  You would only choose AuthSsl for old servers that might require that specific command, which would be very rare.   The “AUTH TLS” command is sent from inside the Ftp2::Connect method call.

To use implicit SSL/TLS, set the Ssl property = true.   Implicit mode is when both client and server already know that the TLS handshake will begin immediately after establishing the TCP connection. No “AUTH TLS” command is needed.   Protocols typically have customary ports for implicit TLS.  For example, the implicit TLS port for the FTP protocol is 990.

1. If you leave AuthTls, AuthSsl, and Ssl at the default values (false) then transmission will be in clear text.

2. If you set any of the above properties to true, then Chilkat will force TLS.  If the server does not support it, or does not expect it, then the connection will fail.   (Note: You should never set properties such that both explicit TLS and implicit TLS are to be used.  They are mutually exclusive.  If either AuthTls or AuthSsl is true, then Ssl should be false.)