Rise Company
15-04-2020, 10:18
FTP for cPanel: the difference between implicit vs explicit encryption
FTP over SSL/TLS (Implicit Encryption) vs FTP over SSL/TLS (Explicit Encryption)
The implicit and explicit conversion processes

https://www.rise.company/upload/uploads/15869388347781.png


----------------------------------------------------------------
What is SSL/TLS
----------------------------------------------------------------

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are cryptographic protocols that allow making secure connections from an FTP client to a server with SSL capabilities. The server sends the client a certificate and a public key for encryption. If the client accepts/trusts the server's certificate, an SSL connection can be established. When an SSL connection is established, all data passing from one side to the other will be encrypted and will only be able to be decrypted by the parties involved in the transfer of data.

When both a client and server support SSL or TLS, the utilization of security is accomplished through a sequence of commands passed between the two machines.
The FTP protocol definition provides at least two distinct mechanisms by which this sequence is initiated: Explicit (active) and Implicit (passive) security.


FTP over SSL/TLS (Implicit Encryption)

The server terminates the connection if it does not receive a security request.

As its name implies, implicit SSL is a type of FTPS connection wherein SSL encryption is implied. As soon as a connection is established between the FTPS client and your managed file transfer server, both command (a.k.a. control) and data channels will be automatically protected with SSL encryption.

Implicit SSL is ideal if you really want full encryption for your entire FTP connection from the start of the session. However, since encryption always consumes more bandwidth and computational resources, there may be instances when you'll want to encrypt only one channel.

For instance, if the files your users normally upload to your managed file transfer server don't contain confidential information, then the only things you will want to encrypt are the usernames and passwords that get submitted during authentication. Since user credentials are sent via the command channel, then that's the only channel you would need to encrypt.
But then you can't do that with Implicit SSL. Implicit SSL always encrypts both the command and data channels.


FTP over SSL/TLS (Explicit Encryption)

If the client does not request a secure connection, the server can continue with an insecure session, or refuse or limit the connection.

For the situation described above (encrypt only user credentials), a better choice would be Explicit SSL. With Explicit SSL, you're allowed to choose which channel to encrypt. You can even choose to revert back to regular (unencrypted) FTP and not encrypt any channel at all. Explicit SSL runs over port 21, which is the same port used by regular FTP, making it easy for your server to cater to both clients that support FTPS and those that only support regular FTP.

Most secure file transfer clients will encrypt both command and data channels of Explicit SSL connections by default. This is the better choice, especially for organizations covered by laws and regulations like PCI-DSS (https://www.jscape.com/blog/?Tag=PCI-DSS), SOX (https://www.jscape.com/blog/?Tag=SOX), HIPAA (https://www.jscape.com/blog/?Tag=HIPAA), and GLBA (https://www.jscape.com/blog/?Tag=GLBA), which either strongly recommend or explicitly require encryption.
If you're working to achieve regulatory compliance, you wouldn't want to leave security decisions in the hands of your end users. In that case, it would certainly be more prudent to encrypt data channels at all times.

To make sure all clients are forced to use encrypted data channels when connecting to your Explicit SSL FTPS service, go to the Services > FTP/S node in JSCAPE MFT Server and scroll down until you see the checkbox labeled Require data channel encryption. With this option enabled, if a user tries to disable data channel encryption, your server will not allow the session to continue.
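The policy described above (credentials only over an encrypted command channel, data channel encryption always required) can be checked against logged control-channel commands. The following is an added example, not code from JSCAPE, Rebex or cPanel; it assumes every logged command was accepted by the server, uses the RFC 4217 explicit-FTPS commands AUTH TLS, PROT and CCC, and the finding names and sample sessions are constructed for illustration.

```python
# Added example: audit one client's FTP control-channel commands (port 21).
# Assumptions: every command was accepted by the server; finding names are
# hypothetical; AUTH/PROT/CCC are the RFC 4217 commands for explicit FTPS.

DATA_COMMANDS = {"RETR", "STOR", "STOU", "APPE", "LIST", "NLST", "MLSD"}
CREDENTIAL_COMMANDS = {"USER", "PASS"}


def audit_session(commands):
    """Return sorted policy findings for an ordered list of client commands."""
    tls_negotiated = False     # AUTH TLS has been issued
    control_encrypted = False  # control channel currently under TLS
    data_private = False       # PROT P in effect for data connections
    findings = set()

    for line in commands:
        verb, _, arg = line.strip().partition(" ")
        verb, arg = verb.upper(), arg.strip().upper()

        if verb == "AUTH" and arg == "TLS":
            tls_negotiated = control_encrypted = True
            data_private = False  # data channel stays clear until PROT P
        elif verb == "PROT" and tls_negotiated:
            data_private = (arg == "P")
        elif verb == "CCC" and control_encrypted:
            control_encrypted = False  # later commands travel unencrypted
            findings.add("control-channel-reverted-to-clear")
        elif verb in CREDENTIAL_COMMANDS and not control_encrypted:
            findings.add("credentials-in-cleartext")
        elif verb in DATA_COMMANDS and not data_private:
            findings.add("data-channel-in-cleartext")
    return sorted(findings)


# Constructed sample sessions (not captured traffic).
SESSIONS = {
    "plain": ["USER alice", "PASS example", "PASV", "RETR report.csv"],
    "credentials_only": ["AUTH TLS", "USER alice", "PASS example", "PASV", "STOR a.txt"],
    "fully_encrypted": ["AUTH TLS", "PBSZ 0", "PROT P", "USER alice", "PASS example", "PASV", "LIST"],
    "data_downgrade": ["AUTH TLS", "PBSZ 0", "PROT P", "USER alice", "PASS example", "PROT C", "PASV", "RETR x"],
}

if __name__ == "__main__":
    for name, commands in SESSIONS.items():
        print(f"{name}: {audit_session(commands) or 'ok'}")
```
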

----------------------------------------------------------------
What is the difference between implicit vs explicit encryption
----------------------------------------------------------------

You will find three cases that differ in how the connection is made: the first without encryption, the second and third with encryption.

The second, Explicit mode, runs encrypted on the well-known port 21 and is the one recommended for general use.

In the case of No encryption/plain mode

Communication schema:


Client connects to the server.
Client talks to the server over this unencrypted channel.
Username + password is sent unencrypted.


Example of how it works


Ftp ftp = new Ftp();
ftp.Connect("example.com", SslMode.None);



In the case of TLS/SSL - Explicit mode

Communication schema:


Client connects to the server.
Client explicitly requests TLS/SSL encryption to be switched on.
Client talks to the server using encrypted channel.
Username + password is sent encrypted.


Example of how it works: two different ways


Ftp ftp = new Ftp();
ftp.Connect("example.com", SslMode.Explicit);

or

Ftp ftp = new Ftp();
ftp.Connect("example.com", SslMode.None);
ftp.Secure(); // request encryption


In the case of TLS/SSL - Implicit mode

Communication schema:


Client connects to the server and TLS/SSL encryption is switched on implicitly as soon as the channel is established.
Client talks to the server using encrypted channel.
Username + password is sent encrypted.


Example of how it works: one way


Ftp ftp = new Ftp();
ftp.Connect("example.com", SslMode.Implicit);


----------------------------------------------------------------
What are the ports in FTP implicit vs explicit encryption
----------------------------------------------------------------


https://www.rise.company/upload/uploads/158693929006281.png

See also:
FTP for cPanel: fixing TLS/SSL Explicit encryption not working (https://www.rise.company/forum/threads/58146-%D8%A7%D9%81-%D8%AA%D9%8A-%D8%A8%D9%8A-FTP-%D9%84%D9%84%D8%B3%D9%8A-%D8%A8%D8%A7%D9%86%D8%A7%D9%84-Cpanel-%D8%AD%D9%84-%D9%85%D8%B4%D9%83%D9%84%D8%A9-%D8%B9%D8%AF%D9%85-%D8%B9%D9%85%D9%84-TLS-SSL-Explicit-encryption)


Reference:
https://www.rebex.net/kb/tls-ssl-explicit-implicit/

https://docs.cpanel.net/knowledge-base/ftp/how-to-enable-ftp-passive-mode/