1

Consider two implementations of SSL on a HTTP server and on an FTP server. With the same cipher suites used and the exact same protocols used.

Is one more secure than the other. I have heard that it is difficult to get FTP to downgrade protocols. So is the implementation of SSL onto FTP more secure than through FTP?

W Khan
  • 75
  • 1
  • 6

1 Answers1

4

Is one more secure than the other. I have heard that it is difficult to get FTP to downgrade protocols. So is the implementation of SSL onto FTP more secure than through FTP?

FTP over SSL should have in theory the same security as HTTP over SSL. But in practice this is probably not the case:

  • HTTPS is most often used in Browsers. To deal with broken servers browsers implement SSL downgrading if the connection fails. Note that this behavior is not inherent to HTTPS, but to a specific implementation inside the browsers. HTTPS implementation outside the browsers usually don't to SSL downgrades and instead fail on the first error, as do SSL implementation in FTPS clients.
  • FTPS is not widely used. And if it is used then often with self-signed or otherwise broken certificates (like missing chain certificates, mismatch of hostname...). FTPS clients tend to either ignore certificate errors or let the user easily continue without proper validation. Some even do not check the certificate at all or do incomplete checks (like not checking the name in the certificate). In contrast browsers today often present warnings on certificate errors which are hard to bypass. Other applications using HTTPS instead often have the same problems as FTPS clients, but slowly they implement at proper checks which are enabled by default.
  • FTPS has several grades of security. The best mode is to encrypt control and data channel, but this can conflict with protocol helpers on middleboxes (like firewalls or NAT routers) which need to check or rewrite responses to PASV/EPSV or the PORT/EPRT commands, so that the necessary ports can be opened on the middlebox. Thus FTPS can downgrade the control connection from SSL to plain again (with CCC command) and from then on all traffic on the control connection is no longer encrypted. This opens the way for man-in-the-middle attacks which might even try to downgrade the data channels to plain text by returning an error code to the PROT P command which is used to setup an encrypted data channel.

In summary I think HTTPS is more secure in practice, even if browsers downgrade SSL protocols on errors.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424