Anyone have this?
because I would like to get explanations and details on the SSL certificate and a few options in Serv-U
SSL Certificate (Server Settings)
This tab only shows when SSL/TLS is enabled for your server, which in turn depends on the server Edition and registration key.
The certificate is used for secure-FTP connections and data transfers that use SSL/TLS. When a secure-FTP client connects, an "SSL handshake" takes place. Its purpose is to establish the server's identity, an encryption key for use during that session, and a specific cipher to encrypt the session data with. The SSL handshake (in its RSA key-exchange form, simplified) works as follows: First, the client sends the server a list of ciphers it is willing to support. Next, the server chooses a cipher for the subsequent session and sends over its certificate together with a large random number. The certificate tells the client who the server is, and it contains an encryption key, called the server's "public key". The client also creates a large random number (the pre-master secret) and encrypts it with the server's public key from the certificate. The server then decrypts the client's message with its "private key", the one that corresponds to the public key in the certificate; anyone else who holds that private key can do exactly the same. Both client and server now combine the random values into a unique "session key", and from there on both sides use that key and the selected cipher to encrypt the rest of the session. That is the SSL handshake in a nutshell; it is somewhat simplified, but it gets the idea across.
For secure Web servers, a trusted third party like Verisign that vouches for the server's identity normally signs the server certificate. Serv-U's certificate is "self-signed", meaning it is signed by the server itself. It therefore gives no guarantee of the server's identity (you can enter any values you like), but it does give the client a public key to encrypt with; a client that wants assurance of identity has to verify the certificate's fingerprint some other way. Any time you change the server's certificate values, Serv-U automatically generates a new self-signed certificate with new, random public and private keys for the server.
IMPORTANT - IMPORTANT - IMPORTANT
If you are going to use Serv-U for secure FTP you must create your own server certificate. The server's private key has to remain secret, and the default key that gets installed is the same for every installation, so it is no secret at all: anyone with a copy of Serv-U holds it and can decrypt sessions protected by it. To create your own certificate, just enter your own certificate values and save them.
The following entries are part of the SSL certificate:
Common name
This should be set to the server's DNS name (its "IP name") or, if no name is available, the server's IP address. The client normally checks whether the certificate's common name matches the name it connected to and shows a warning to the user if it does not.
E-mail
Set this to the E-mail address you want FTP clients to see.
Organization
Set this to the name of your company or organization, like "Cat Soft, LLC" or "RhinoSoft.com".
Unit
This should be set to the organizational unit that owns the certificate, like "Software" or "IT".
City/town
Set this to the city or town where you are located.
State/province
Set this to the state or province where you are located.
Country
This has to be the 2-letter abbreviation of the country where you are located (as defined in the ISO-3166 standard), like "US" for United States. Valid country codes are:
Serv-U Help - Copyright © 1995-2001 Cat-Soft, All Rights Reserved
--------------------------
Advanced (Server Settings)
These options affect the overall server behavior and functionality. The defaults for these options are generally the correct ones for your PC. Changes to these options can greatly affect server performance and security. Only make changes if you know exactly what you are doing!
Server
These options apply to the server.
Encrypt passwords
Serv-U stores passwords as the output of a one-way hash function, MD5, rather than with reversible encryption. Passwords are stored in the ServUDaemon.ini file or in the registry, and enabling this option means the stored value cannot be turned back into the password: once hashed, a password can never be decrypted again. When this check box is unchecked passwords are stored as clear text and are visible in the user account setup. By default passwords are stored hashed. Note that a hash does not make a password unrecoverable: MD5 is fast, and an attacker who obtains the ini file or registry can guess weak passwords offline and compare the results, so protect the configuration file and use strong passwords regardless.
Changing this option invalidates all existing passwords; they will have to be entered again in the user account setup.
Enable security
This is a global switch that enables or disables all security. The default is enabled. Disabling security allows anybody on the network to delete, change or copy everything on your PC. Never leave the Enable security option unchecked if your computer is connected to the Internet.
Packet time-out (seconds)
Enter the number of seconds a file transfer may go without receiving anything from the network or sending anything over it before it is declared dead. Serv-U normally waits for the transfer to complete; if no activity occurs for this period it stops the transfer and treats it as canceled.
Dir listing mask
This option sets the directory-listing mask; the default is rw-rw-rw. The mask supplies the UNIX-style permission attributes shown for each file or directory in listings, and it changes only what is displayed, not the access Serv-U actually enforces. Some FTP clients do not cope well with listings that show the user as having no access to a file, which is why the default shows every entry as readable and writable (the AOL FTP client is one such client).
PASV port range
When the PASV command is used, Serv-U opens a data socket and tells the client where it can connect. The data socket is used for directory listings and file transfers in passive mode. By default this port range is blank, which means the server acquires a new listening socket with a port number chosen by Windows (between 1024 and 65535) for every passive-mode transfer.
With a range entered, Serv-U limits which ports are used. This matters for firewalls that restrict incoming connections by port: the firewall can be opened for just this range instead of for every port above 1024. When the range is blank Serv-U lets Windows pick the port number; when a range is entered Serv-U sets up a fixed number of listening sockets on these ports and uses them to service passive-mode data transfers.
If this option is used, the idea is to pick a range of ports that are free, i.e. above 1024, with high port numbers such as 23580-23590. How many ports to designate depends on a few factors:
If you allow FXP (direct server-to-server transfers) you need as many ports as you expect concurrent FXP clients; otherwise the server may not be able to tell which passive-mode connection belongs to which FTP session. If you allow multiple connections from the same client IP you ideally need as many ports as you expect concurrent connections from that IP, again so that Serv-U can spread requests over the available sockets and match each data connection to its session. If neither applies, a single port would in theory do, but it is better to use at least 3 or so to distribute requests and make the lookups (which hook a data connection up to an FTP session) faster.
On NT/W2K a good average is around 15 ports; on Win9x/ME use no more than 5, since that OS is 'socket challenged' and quickly runs out of available sockets. Serv-U will not use more than 50 ports for the passive-mode range regardless of your settings, since that many start to impair performance. Anything close to 50 ports should never be needed, even on the busiest of servers.
Sockets
These advanced options allow you to configure how sockets are used in Serv-U. Be very careful here and use these options only if you are sure you know what you are doing. Changing these options could disable Serv-U.
Inline out-of-band data
Selecting this option passes out-of-band (TCP urgent) data inline in the regular data stream, treating it like normal data. This counters denial-of-service attacks that send out-of-band data to socket stacks that cannot handle it.
Send keep-alives
Selecting this option periodically sends TCP keep-alive packets to determine whether the connection is still alive, so that dead connections are detected and their sockets released.
Disable Nagle algorithm
The Nagle algorithm holds back small segments until the previously sent data has been acknowledged, so that many small writes are coalesced into fewer packets. Selecting this option sends each write immediately instead. Disabling Nagle can greatly increase the number of packets on the wire and therefore network overhead; typically it is only used on connections with very large latencies, such as satellite links.
Send buffer (bytes)
Sets the buffer size in bytes that Serv-U should use when sending blocks of data to the socket stack. The default depends on the socket stack (8192 bytes for most implementations of MS Windows).
Receive buffer (bytes)
Set the buffer size in bytes that Serv-U should use when receiving blocks of data from the socket stack. The default depends on the socket stack (8192 bytes for most implementations of MS Windows).
File Uploads
These options allow you to configure how file uploads occur on the server.
Allow no/read access
While a file is being uploaded, first try to open it with no access for other clients and processes; if that fails, try opening it with read access.
Allow no access
Do not allow any other client or process to access the file while it is being uploaded.
Allow full access
Allow other clients or processes full access to the file while it is being uploaded.
Adaptive time-out
Gradually lower the packet time-out for transfers that are consistently fast during a file upload. If the transfer then fails to complete, Serv-U recognizes sooner that it is dead and releases the file, which makes resuming the upload easier.
File Downloads
These options allow you to configure how file sharing is to occur on the server in Windows.
Allow full access
When Allow full access is selected, other programs can read and write a file while it is being downloaded.
Allow read access
When Allow read access is selected other programs will be able to read the file only as it is being downloaded.
--------------------------------
Thanks in advance
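The handshake described in the quoted "SSL Certificate (Server Settings)" section, and the reason the IMPORTANT note insists on a private key that is not shared with every other installation, as an added example that is not part of the original post and not Serv-U code. The two RSA keys are built from small hard-coded primes (an assumption made only so the script runs on the standard library; real keys are thousands of bits), and derive_session_key() is a simplified stand-in for the SSL/TLS key derivation.

```python
"""Toy model of the RSA key-exchange handshake, and of why a private key that
ships identically in every installation protects nothing.

Added example, not Serv-U code.  Primes are assumptions chosen for size, not
security; the key derivation is a simplified stand-in for the SSL/TLS PRF.
"""
import hashlib
import hmac
import secrets
from typing import Optional

PREMASTER_BYTES = 7   # keeps the pre-master secret below the toy modulus


def make_key(p: int, q: int, e: int = 65537) -> dict:
    """Textbook RSA key from two primes (toy sizes, illustration only)."""
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}


# Assumed primes.  DEFAULT_KEY plays the key that ships in every installation;
# FRESH_KEY plays the one generated when the admin saves their own values.
DEFAULT_KEY = make_key(1000000007, 998244353)
FRESH_KEY = make_key(1000000009, 1000000021)


def derive_session_key(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Both randoms plus the pre-master secret give the session key.
    Simplified: real SSL/TLS runs a PRF with fixed labels here."""
    return hmac.new(premaster, client_random + server_random, hashlib.sha256).digest()


def run_handshake(server_key: dict = DEFAULT_KEY) -> dict:
    """Run the exchange; return each side's key and what the wire shows."""
    n, e = server_key["n"], server_key["e"]
    # 1. ClientHello: the client's random (its cipher list is omitted here).
    client_random = secrets.token_bytes(32)
    # 2. ServerHello + Certificate: the server's random and public key (n, e).
    server_random = secrets.token_bytes(32)
    # 3. ClientKeyExchange: a fresh pre-master secret, encrypted to the server.
    premaster = secrets.token_bytes(PREMASTER_BYTES)
    encrypted_premaster = pow(int.from_bytes(premaster, "big"), e, n)
    client_key = derive_session_key(premaster, client_random, server_random)
    # 4. Only a holder of d can undo step 3.
    recovered = pow(encrypted_premaster, server_key["d"], n).to_bytes(PREMASTER_BYTES, "big")
    server_session_key = derive_session_key(recovered, client_random, server_random)
    transcript = {"n": n, "e": e, "client_random": client_random,
                  "server_random": server_random, "encrypted_premaster": encrypted_premaster}
    return {"client_key": client_key, "server_key": server_session_key, "transcript": transcript}


def eavesdropper_key(transcript: dict, known_d: Optional[int]) -> Optional[bytes]:
    """A passive attacker sees everything in the transcript.  Without a private
    exponent it is useless; with the right one (the shared default key, say)
    the session key falls straight out."""
    if known_d is None:
        return None
    value = pow(transcript["encrypted_premaster"], known_d, transcript["n"])
    if value >= 1 << (8 * PREMASTER_BYTES):
        return None   # wrong key: the "decryption" is garbage that does not even fit
    premaster = value.to_bytes(PREMASTER_BYTES, "big")
    return derive_session_key(premaster, transcript["client_random"], transcript["server_random"])


if __name__ == "__main__":
    for label, key in (("shared default key", DEFAULT_KEY), ("admin's own key", FRESH_KEY)):
        result = run_handshake(key)
        stolen = eavesdropper_key(result["transcript"], DEFAULT_KEY["d"])
        print(f"{label}: session agreed={result['client_key'] == result['server_key']}, "
              f"attacker holding default d recovers session key={stolen == result['client_key']}")
```

Running the script shows both handshakes succeeding, but only the one under the shared default key yields a session key to an attacker who merely owns the same key; once the server has its own key pair the same transcript gives that attacker nothing.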
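The comparison behind the warning described under "Common name", as an added example that is not part of the original post and not the code of Serv-U or of any particular FTP client. The rules used (case-insensitive DNS names, one wildcard covering exactly one leftmost label, IP addresses compared as addresses with no wildcards) are modern client conventions and an assumption about what a given client checked; every host name and address below is constructed.

```python
"""Match a certificate common name against the host the client connected to.

Added example, not Serv-U or client code.  Matching rules are an assumption
(modern client conventions); names and addresses are constructed.
"""
import ipaddress
from typing import Optional


def _as_ip(text: str):
    """Return an ip_address object for an IP literal, else None."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def common_name_matches(common_name: str, host: str) -> bool:
    cn = common_name.strip().lower()
    target = host.strip().lower()
    if not cn or not target:
        return False
    cn_ip, target_ip = _as_ip(cn), _as_ip(target)
    if cn_ip is not None or target_ip is not None:
        # IP literals: both sides must be addresses and equal; wildcards never apply.
        return cn_ip is not None and target_ip is not None and cn_ip == target_ip
    if cn.startswith("*."):
        suffix = cn[1:]                       # "*.example.com" -> ".example.com"
        if "*" in suffix:
            return False                      # one wildcard only, leftmost only
        head, sep, rest = target.partition(".")
        return sep == "." and head != "" and "." + rest == suffix
    return cn == target


def identity_warning(common_name: str, host: str, self_signed: bool) -> Optional[str]:
    """The message a careful client should show, or None when nothing is wrong.
    A name match on a self-signed certificate still proves nothing, because
    whoever made the certificate could have put any name in it."""
    if not common_name_matches(common_name, host):
        return f"certificate name {common_name!r} does not match {host!r}"
    if self_signed:
        return "certificate is self-signed: verify its fingerprint out of band"
    return None


if __name__ == "__main__":
    for cn, host in [("ftp.example.com", "FTP.example.com"),
                     ("*.example.com", "ftp.example.com"),
                     ("*.example.com", "a.b.example.com"),
                     ("192.0.2.10", "192.0.2.10"),
                     ("ftp.example.com", "192.0.2.10")]:
        print(f"{cn:18} vs {host:18} -> {common_name_matches(cn, host)}")
    print(identity_warning("ftp.example.com", "ftp.example.com", self_signed=True))
```

The second function is the practitioner's point: with Serv-U's self-signed certificate a matching common name is necessary but not sufficient, so the client has to pin or otherwise verify the certificate before trusting the name.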
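Why the "Encrypt passwords" option's one-way MD5 storage is not the same as an unrecoverable password: an offline dictionary attack over a constructed wordlist, beside a salted, slow hash for contrast. This is an added example, not part of the original post and not Serv-U code, and it does not reproduce Serv-U's on-disk format; the wordlist, the sample accounts and the PBKDF2 parameters are constructed for the demonstration.

```python
"""Unsalted MD5 password storage versus a salted, slow hash.

Added example, not Serv-U code and not its on-disk format.  The wordlist and
sample accounts are constructed; PBKDF2 is shown for contrast.
"""
import hashlib
import hmac
import os
from typing import Optional

# Constructed wordlist: the sort of list an attacker tries first.
WORDLIST = ["123456", "password", "letmein", "ftpadmin", "qwerty", "Summer2001"]


def md5_hex(password: str) -> str:
    """Unsalted MD5 as a hex string: same password, same output, every time."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def crack_md5(stored_hex: str, wordlist=WORDLIST) -> Optional[str]:
    """Return the wordlist entry whose MD5 equals the stored value, else None.
    Each guess costs one MD5, so a real attacker tries billions per second."""
    target = stored_hex.strip().lower()
    for guess in wordlist:
        if hmac.compare_digest(md5_hex(guess), target):
            return guess
    return None


def crack_accounts(accounts: dict, wordlist=WORDLIST) -> dict:
    """accounts maps user -> stored hex.  Without a salt, identical hashes
    mean identical passwords, so one cracked hash covers every such user."""
    by_hash = {}
    for user, digest in accounts.items():
        by_hash.setdefault(digest.lower(), []).append(user)
    found = {}
    for digest, users in by_hash.items():
        password = crack_md5(digest, wordlist)
        if password is not None:
            for user in users:
                found[user] = password
    return found


def pbkdf2_store(password: str, iterations: int = 200_000, salt: Optional[bytes] = None) -> str:
    """Salted and deliberately slow: a per-user salt kills shared-hash lookups
    and the iteration count makes each guess cost far more than one MD5."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    # Constructed sample accounts; the hashes are computed here, not taken from any real file.
    accounts = {"alice": md5_hex("letmein"), "bob": md5_hex("letmein"),
                "carol": md5_hex("correct horse battery staple")}
    print("cracked:", crack_accounts(accounts))   # alice and bob fall together, carol survives
    stored = pbkdf2_store("letmein")
    print("pbkdf2 verify:", pbkdf2_verify("letmein", stored), pbkdf2_verify("password", stored))
```

The takeaway for the option above: hashing stops an admin from reading passwords out of the ini file, but anyone who copies that file can still run exactly this loop, so the file deserves the same protection as clear-text passwords would.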
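Passive-mode data ports as discussed under "PASV port range": building and parsing the 227 reply, and handing out ports from a fixed range that a firewall can be opened for. This is an added example, not part of the original post and not Serv-U code. The "low-high" range syntax, the cap of 50 ports and the advice to stay above 1024 come from the quoted text; the pool that maps a port back to the session it was allocated for is this example's own design, and all addresses and ports are constructed.

```python
"""Passive-mode port handling: the 227 reply and a bounded port pool.

Added example, not Serv-U code.  Range syntax, the 50-port cap and the
above-1024 advice come from the documentation; the pool is our own design.
"""
import re
from typing import Optional, Tuple

MAX_PASV_PORTS = 50   # Serv-U refuses larger ranges, per the documentation


def parse_pasv_range(spec: str) -> Optional[Tuple[int, int]]:
    """'23580-23590' -> (23580, 23590); '' -> None (let Windows pick)."""
    spec = spec.strip()
    if not spec:
        return None
    m = re.fullmatch(r"(\d{1,5})\s*-\s*(\d{1,5})", spec)
    if not m:
        raise ValueError(f"bad PASV range {spec!r}, expected low-high")
    lo, hi = int(m.group(1)), int(m.group(2))
    if not (1024 < lo <= hi <= 65535):
        raise ValueError("ports must be above 1024, at most 65535, low <= high")
    if hi - lo + 1 > MAX_PASV_PORTS:
        raise ValueError(f"at most {MAX_PASV_PORTS} passive ports")
    return lo, hi


def build_pasv_reply(ip: str, port: int) -> str:
    """RFC 959 form: the port is sent as its high and low bytes."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    if not 0 < port <= 65535:
        raise ValueError(f"bad port {port}")
    return f"227 Entering Passive Mode ({','.join(octets)},{port // 256},{port % 256})"


def parse_pasv_reply(line: str) -> Tuple[str, int]:
    """Inverse of build_pasv_reply; rejects anything but a 227 with six bytes."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", line)
    if not line.startswith("227") or not m:
        raise ValueError(f"not a PASV reply: {line!r}")
    parts = [int(x) for x in m.groups()]
    if any(x > 255 for x in parts):
        raise ValueError(f"byte out of range in {line!r}")
    return ".".join(map(str, parts[:4])), parts[4] * 256 + parts[5]


class PassivePortPool:
    """Hands out one listening port per pending passive transfer and remembers
    which control session it belongs to, so the incoming data connection can
    be routed back to that session (the lookup the documentation describes)."""

    def __init__(self, spec: str):
        self.range = parse_pasv_range(spec)
        self.in_use = {}            # port -> session id

    def allocate(self, session_id: str) -> Optional[int]:
        if self.range is None:
            return None             # blank range: the OS picks an ephemeral port
        lo, hi = self.range
        for port in range(lo, hi + 1):
            if port not in self.in_use:
                self.in_use[port] = session_id
                return port
        raise RuntimeError("PASV range exhausted: widen it or lower concurrency")

    def session_for(self, port: int) -> Optional[str]:
        return self.in_use.get(port)

    def release(self, port: int) -> None:
        self.in_use.pop(port, None)


if __name__ == "__main__":
    pool = PassivePortPool("23580-23590")
    port = pool.allocate("session-1")
    reply = build_pasv_reply("192.0.2.10", port)
    print(reply)                                    # 227 Entering Passive Mode (192,0,2,10,92,28)
    print(parse_pasv_reply(reply), "->", pool.session_for(port))
```

The RuntimeError in allocate() is the failure mode the sizing advice is about: with fewer ports than concurrent passive transfers, the next PASV cannot be served until a transfer finishes and releases its port.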