IN THIS ARTICLE
Outlines the TLS security support with FTP (FTPS) available in Qumulo Core
- Cluster running Qumulo Core 2.7.6 and above
NOTE: FTP is available in Qumulo Core version 2.7.4 and above. Reference the article FTP in Qumulo Core for additional details on enabling this feature.
With the release of version 2.7.6 of Qumulo Core, TLS security for FTP (FTPS) is now supported with no additional configuration needed. FTPS encrypts both command channel and data transfers ensuring the security of data on your cluster. Here are the details regarding the release of FTPS:
- Explicit FTPS, or AUTH TLS, is now supported enabling clients to negotiate setting up a TLS session while connecting via port 21 to FTP
- Implicit FTPS, or the ability to initially connect to an FTPS specific port, using TLS is not supported at this time
- Qumulo uses the OpenSSL library with protocol TLS v1.2 and TLS v1.3 (3.1.3 or above)
- The cluster's SSL certificate and private key are utilized for FTPS. Note that if you modify or add a certificate, FTP must disabled and then re-enabled for the change to take effect on the cluster.
New FTP TLS Security feature with Qumulo Core 2.8.5
Users can force FTP to deny any connections that fail to negotiate a TLS session before logging in by using the following command in version 2.8.5 or above of Qumulo Core.
qq ftp_modify_settings --allow-unencrypted-connections false
Note that the current default behavior for FTP supports both TLS and non-TLS.
You should now understand TLS security with FTP available in Qumulo Core
Like what you see? Share this article with your network!