Differences
This shows you the differences between the selected revisions of the page.
| ftps 2015-11-12 | ftps 2024-09-18 (current) | ||
| Line 1: | Line 1: | ||
| ====== FTPS ====== | ====== FTPS ====== | ||
| - | FTPS (also known as FTP Secure and %%FTP%%-%%SSL%%) is an extension to the commonly used File Transfer Protocol (%%FTP%%) that adds support for the [[tls|Transport Layer Security]] (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.·((&wikipedia_ref(FTPS|FTPS))) | + | FTPS (also known as FTP Secure and %%FTP%%-%%SSL%%) is an extension to the commonly used File Transfer Protocol (%%FTP%%) that adds support for the [[tls|Transport Layer Security]] (TLS) cryptographic protocol (previously known as the Secure Sockets Layer – SSL).((&wikipedia_ref(FTPS|FTPS))) |
| ===== [[methods]] Methods of Invoking ===== | ===== [[methods]] Methods of Invoking ===== | ||
| - | Two separate methods were developed to invoke client security for use with %%FTP%% clients: //Explicit// or //Implicit//. The former method is a legacy compatible implementation where %%FTPS%% aware clients can invoke security with an FTPS aware server without breaking overall %%FTP%% functionality with non-%%FTPS%% aware clients. The later method is an incompatible method that requires clients to be %%FTPS%% aware. WinSCP supports both methods. | + | Two separate methods were developed to invoke client security for use with %%FTP%% clients: //Explicit// or //Implicit//. The former method is a legacy compatible implementation where %%FTPS%% aware clients can invoke security with an FTPS aware server without breaking overall %%FTP%% functionality with non-%%FTPS%% aware clients. The latter method is an incompatible method that requires clients to be %%FTPS%% aware. WinSCP supports both methods. |
| ==== Explicit ==== | ==== Explicit ==== | ||
| Line 13: | Line 13: | ||
| Negotiation is not allowed with implicit %%FTPS%% configurations. A client is immediately expected to challenge the %%FTPS%% server with a connection encrypted using TLS/SSL. If it does not, the server should drop the connection. | Negotiation is not allowed with implicit %%FTPS%% configurations. A client is immediately expected to challenge the %%FTPS%% server with a connection encrypted using TLS/SSL. If it does not, the server should drop the connection. | ||
| - | In order to maintain compatibility with existing non-%%TLS%%/%%SSL%% aware %%FTP%% clients, implicit %%FTPS%% was expected to listen on the IANA Well Known Port 990/TCP for the %%FTPS%% control channel and 989/%%TCP%% for the %%FTPS%% data channel. This allowed administrators to retain legacy compatible services on the original 21/%%TCP%% %%FTP%% control channel. dgdfg fdgdfgdfgdfgdfg | + | In order to maintain compatibility with existing non-%%TLS%%/%%SSL%% aware %%FTP%% clients, implicit %%FTPS%% was expected to listen on the IANA Well Known Port 990/TCP for the %%FTPS%% control channel and 989/%%TCP%% for the %%FTPS%% data channel. This allowed administrators to retain legacy compatible services on the original 21/%%TCP%% %%FTP%% control channel. |
| In Implicit Mode, the entire %%FTPS%% session (both control and data channels) is unconditionally encrypted. | In Implicit Mode, the entire %%FTPS%% session (both control and data channels) is unconditionally encrypted. | ||
| ===== [[certificate]] TLS/SSL Certificates ===== | ===== [[certificate]] TLS/SSL Certificates ===== | ||
| - | Learn about [[tls#certificate|TLS/SSL certificates]]. | + | Learn about TLS/SSL [[tls#certificate|server certificates]] and [[tls#client_certificate|client certificates]]. |