Non-IBM users must use one of the following secure file transfer protocols to access the Secure File Transfer service from the Internet. Non-secure FTP cannot be used over the Internet since it transmits authentication information in clear te t.
FTP control connection to be sent in clear te t after secure authentication has occurred. Internet users with firewall issues ma% e perience benefit when using an FTP software client that also supports ***. See I(TF )F* ,,,@ FTP Securit% ( tensions &http/00www.ietf.org0rfc0rfc,,,@.t t' for further information on the *** command. The FTP server is configured to support FTP over SS#0T#S using either 6ctive or Passive FTP modes. 5owever$ since 6ctive mode FTP ma% be disabled b% networ! routers or firewalls b% default$ customers ma% have better success using Passive FTP mode. The server uses ports 3;7,+ through 3;;A; for Passive FTP data connections. The server also supports use of the (PS: 6## FTP command as defined in I(TF )F* ,+,@ FTP ( tensions for IPv3 and N6Ts &http/00www.ietf.org0rfc0rfc,+,@.t t'. If supported b% the FTP client$ this ma% provide some benefit to customers using Networ! 6ddress Translation &N6T' devices that also have support for it. The FTP server supports use of SS# version ,$ SS# version A and T#S version -. The server accepts both the 6?T5 SS# &depricated' and 6?T5 T#S commands from the FTP client. The serverBs SS# certificate is signed b% the (1uifa Secure *ertificate 6uthorit% &*6'. If this *6 is not in the list of trusted *6s for %our secure FTP client$ the root certificate ma% be obtained directl% from http/00www.geotrust.com0resources0rootCcertificates0inde .htm. Note also that the server name specified in the certificate is testcase.boulder.ibm.com &and not testcase-%ellow.boulder.ibm.com'. Some client software will validate that the hostname of the server being accessed is the same as the name specified in the server certificate. The SecureTransport Server (nterprise (dition software from Tumbleweed *orporation is used to provide this service. Tumbleweed *orporation also provides SecureTransport *lient software specificall% for use with their server software. *ustomers who ma% be unable to get FTPS to function in their environments ma% consider use of this software$ which supports use of the 5TTPS protocol. 6lthough there are no current plans in this regard$ IBM reserves the right to replace the server software at some future date$ at which time this vendor proprietar% client software would become inoperable. See http/00www.tumbleweed.com0products0securetransport0securetranspor