Is it possible to encrypt the traffic in local LAN for FTP/webDAV? #348
-
|
Since I am accessing the server using an internal IP, so I can't get a proper TLS cert for it; What is the recommended solution then? Is it at all possible to avoid MITM attacks? (I imagine it should be possible with custom clients that check fingerprints, but I am using common iOS apps. Also, checking fingerprints is kind of hard, when is it supposed to change?) Another question: How do I enable the TLS mode with a self-signed cert? No encryption is still worse than the risk of MITM. PS: SFTP is somewhat slower than WebDAV, which is the reason I want TLS for these other protocols. I also think SFTP offers no more security than a self-signed cert, no? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Hi, you question is quite general and related to any software not SFTPGo in particular. I'm quite busy and I have no time to write a complete response, please take a look at the following links: https://smallstep.com/docs/step-ca Please also note that for both FTPS and WebDAV, SFTPGo supports also client certificate authentication and client certificate authentication + password. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks, I'll check them out. I think client certs will do the trick. 👍 |
Beta Was this translation helpful? Give feedback.
Hi,
you question is quite general and related to any software not SFTPGo in particular.
I'm quite busy and I have no time to write a complete response, please take a look at the following links:
https://smallstep.com/docs/step-ca
https://security.stackexchange.com/questions/184969/how-mitm-attack-got-performed-on-self-signed-certificate-while-private-keys-is-g
https://medium.com/collaborne-engineering/self-signed-certificates-in-ios-apps-ff489bf8b96e
Please also note that for both FTPS and WebDAV, SFTPGo supports also client certificate authentication and client certificate authentication + password.