0

Just wondering if WebClient.Uploadfile is TLS secure either by 1.1 or 1.2. I found the following line of code and have installed in my application.

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

The following line of code does the work in my application

WebClient.UploadFile("ftp://xxx.xxxx.xxx/xxxx/xxxx/" + Path.GetFileName(file), file);

Is there any way to test for security here?

Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
David
  • 11
  • 1

2 Answers2

1

You can use nice WinSCP library (assemblies source) for secure FTP connection:

using var session = new Session();
session.Open(new SessionOptions
{
    Protocol = Protocol.Ftp,
    HostName = "ftp.example.com",
    UserName = "username",
    Password = "password",
    FtpSecure = FtpSecure.Explicit,
    TlsHostCertificateFingerprint = "xx:xx:xx:...",
});
session.PutFiles("local path", "remote path").Check();

You can set by FtpSecure, if TLS should be explicit or implicit. Implicit TLS requires different port, while explicit TLS gives possibility to use the same port for unsecure and secure connection.

0

WebClient.UploadFile is not secure. Setting ServicePointManager.SecurityProtocol does not change anything about it.

See FTPS (FTP over SSL) in C#.

Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992