FTP: TLS Security

IN THIS ARTICLE

Outlines the TLS security support with FTP (FTPS) available in Qumulo Core

REQUIREMENTS

• Cluster running Qumulo Core 2.7.6 and above

NOTE: FTP is available in Qumulo Core version 2.7.4 and above. Reference the article FTP in Qumulo Core for additional details on enabling this feature.

DETAILS

With the release of version 2.7.6 of Qumulo Core, TLS security for FTP (FTPS) is now supported with no additional configuration needed. FTPS encrypts both command channel and data transfers ensuring the security of data on your cluster. Here are the details regarding the release of FTPS:

• Explicit FTPS, or AUTH TLS, is now supported enabling clients to negotiate setting up a TLS session while connecting via port 21 to FTP
• Implicit FTPS, or the ability to initially connect to an FTPS specific port, using TLS is not supported at this time
• Qumulo uses the OpenSSL library with protocol TLS v1.2 and TLS v1.3 (3.1.3 or above)
• The cluster's SSL certificate and private key are utilized for FTPS. Note that if you modify or add a certificate, FTP must disabled and then re-enabled for the change to take effect on the cluster.

New FTP TLS Security feature with Qumulo Core 2.8.5 

Users can force FTP to deny any connections that fail to negotiate a TLS session before logging in by using the following command in version 2.8.5 or above of Qumulo Core.

qq ftp_modify_settings --allow-unencrypted-connections false 

Note that the current default behavior for FTP supports both TLS and non-TLS.

RESOLUTION

You should now understand TLS security with FTP available in Qumulo Core

ADDITIONAL RESOURCES

FTP in Qumulo Core

QQ CLI: FTP

SSL: Install a Signed SSL Certificate

Like what you see? Share this article with your network!