-
-
Notifications
You must be signed in to change notification settings - Fork 657
FTPS Connection using GnuTLS
FluentFTP normally uses .NET SslStream/SChannel for secure encrypted connections. This combination unfortunately currently does not support TLS 1.3 on MS Windows systems.
Therefore we integrated the powerful GnuTLS networking library, a C library that supports TLS 1.3 and also supports much more secure authentication methods, as an alternative secure and encrypted transport medium.
All credits for the development and testing of our GnuTLS FTP stream go to Michael Stiemke.
Using GnuTLS FTP streams gives many benefits:
- Full support for TLS 1.3
- Fixes SSL session resume failures on TLS 1.2 which could not be fixed due to buggy .NET SSL Streams
- ZLIB compression will be made available
- Protocol: Only supports Explicit SSL mode. Implicit SSL may work, but use at your discretion.
- CPU: Only supports x64 architectures.
- API: Async API calls will be internally executed as synchronous operations within the GnuTLS wrapper library.
- Certificates: Client certificate handling and preparation for verification by the server not yet implemented.
All these settings are properties of the FtpClient
object.
-
Config.CustomStream - Set this option to
typeof(GnuTlsStream)
to activate the GnuTLS package in your FTP client. -
Config.CustomStreamConfig - Set this to an instance of
GnuConfig
to configure the GnuTLS connection settings.
All these settings are properties of the GnuConfig
object.
-
SecuritySuite - Which security suite to use as a starting point. The suite enables a fully pre-configured configuration, which is then manually modified using
SecurityOptions
. Default:GnuSuite.Normal
. -
SecurityOptions - Additional options to add to the basic security suite specified by
SecuritySuite
. Default: null. -
SecurityProfile - Which security profile to use. Not normally needed. If you set this, you don't need to set individual
SecurityOptions
. Default:GnuProfile.None
-
HandshakeTimeout - How long to wait for a handshake before giving up, in milliseconds. Set to zero to disable. Default: 5000.
-
AdvancedOptions - Additional options to configure GnuTLS protocol handling. Not normally needed. Default: null.
-
LogMessages - Additional debug information. This is a bitwise flags value, so you can combine multiple values using the OR
|
operator. Default: None. -
LogLength - In case of a catastrophic failure, how many messages at maximum verbosity should be output prior to termination. Default: 150.
-
LogLevel - Select the maximum verbosity of the GnuTLS messages which are logged with serverity "verbose". Allowed values are 0-99. Default: 1.
Value | Effect |
---|---|
0 | To suppress GnuTls related messages entirely |
1 | To see messages originating in the GnuTls wrapper (labelled "Interop"). You can further customize which messages are logged using the LogMessages option. |
3 to 99 | To add messages from GnuTls processes (labelled "Internal"). |
To use GnuTLS to connect to your FTP server:
- Add the
FluentFTP
andFluentFTP.GnuTLS
Nuget packages to your project. - Add this code where you create your
FtpClient
:
using FluentFTP.GnuTLS;
using FluentFTP.GnuTLS.Enums;
...
client.Config.CustomStream = typeof(GnuTlsStream);
client.Config.CustomStreamConfig = new GnuConfig(){
// optional configuration
SecuritySuite = GnuSuite.Secure128
};
All further code then transparently uses GnuTlsStream
instead of SslStream
for FTPS communications.
All FTPS operations and API can be used as usual with no further changes to your code.
We have a separate repository for GnuTLS because it uses a license that is incompatible with our MIT license. It uses LGPL v2.
We publish GnuTLS as a separate Nuget because it adds dependencies on C++ library DLLs:
- libgnutls-30.dll
- libgcc_s_seh-1.dll
- libgmp-10.dll
- libhogweed-6.dll
- libnettle-8.dll
- libwinpthread-1.dll
- Auto Connection
- Auto Reconnection
- FTP(S) Connection
- FTP(S) Connection using GnuTLS
- FTPS Proxies
- Custom Servers
- Custom Commands
- v40 Migration Guide