Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

2.19. lftp

LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like bash, it has job control and uses the readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind.
  • As a side effect of changing the underlying cryptographic library from OpenSSL to GnuTLS in the past, starting with lftp-3.7.11-4.el5_5.3, some previously offered TLS ciphers were dropped. In handshake, lftp does not offer these previously available ciphers:
    TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA  
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA  
    TLS_DHE_DSS_WITH_DES_CBC_SHA  
    TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA  
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA  
    TLS_DHE_RSA_WITH_DES_CBC_SHA  
    TLS_RSA_EXPORT_WITH_DES40_CBC_SHA  
    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5  
    TLS_RSA_EXPORT_WITH_RC4_40_MD5  
    TLS_RSA_WITH_AES_256_CBC_SHA  
    TLS_RSA_WITH_DES_CBC_SHA
    
    lftp still offers variety of other TLS ciphers:
    TLS_RSA_WITH_AES_128_CBC_SHA
    TLS_RSA_WITH_3DES_EDE_CBC_SHA
    TLS_RSA_WITH_RC4_128_SHA
    TLS_RSA_WITH_RC4_128_MD5
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    TLS_DHE_DSS_WITH_RC4_128_SHA
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
    
    For servers without support for any of these ciphers, it is now possible to force SSLv3 connection instead of TLS using the set ftp:ssl-auth SSL configuration directive. This works both for implicit and explicit FTPS. (BZ#532099)