Monday, March 24, 2008


FTP/SSL is a name used to encompass a number of ways in which FTP software can perform secure file transfers. Each way involves the use of a SSL/TLS layer below the standard FTP protocol to encrypt the control and/or data channels. It should not be confused with either SSH file transfer protocol (SFTP), or FTP over SSH (no acronym).

The most common uses of FTP and SSL are:

* AUTH TLS, Explicit FTPS or FTPES, named for the command issued to indicate that TLS security should be used. This is the preferred method according to RFC 4217. The client connects to the server port 21 and starts an unencrypted FTP session as normal, but requests that TLS security be used and performs the appropriate handshake before sending any sensitive data.

* AUTH as defined in RFC 2228.

* Implicit FTPS is an older, but still widely implemented style in which the client connects to a different port (usually 990), and an SSL handshake is performed before any FTP commands are sent.

No comments: