Differences
This shows you the differences between the selected revisions of the page.
| ftps 2020-11-08 | ftps 2024-09-18 (current) | ||
| Line 1: | Line 1: | ||
| - | this site has been hacked by anonymous | + | ====== FTPS ====== |
| + | FTPS (also known as FTP Secure and %%FTP%%-%%SSL%%) is an extension to the commonly used File Transfer Protocol (%%FTP%%) that adds support for the [[tls|Transport Layer Security]] (TLS) cryptographic protocol (previously known as the Secure Sockets Layer – SSL).((&wikipedia_ref(FTPS|FTPS))) | ||
| + | |||
| + | ===== [[methods]] Methods of Invoking ===== | ||
| + | Two separate methods were developed to invoke client security for use with %%FTP%% clients: //Explicit// or //Implicit//. The former method is a legacy compatible implementation where %%FTPS%% aware clients can invoke security with an FTPS aware server without breaking overall %%FTP%% functionality with non-%%FTPS%% aware clients. The latter method is an incompatible method that requires clients to be %%FTPS%% aware. WinSCP supports both methods. | ||
| + | |||
| + | ==== Explicit ==== | ||
| + | In explicit mode, a %%FTPS%% client must "explicitly request" security from a %%FTPS%% server and then step-up to a mutually agreed encryption method. If a client does not request security, the %%FTPS%% server can either allow the client to continue insecure or refuse/limit the connection. | ||
| + | |||
| + | In Explicit Mode, the client has full control over what areas of the connection are to be encrypted. Enabling and disabling of encryption for the %%FTPS%% control channel and %%FTPS%% data channel can occur at any time. WinSCP though requests encryption for both control and data channel unconditionally during whole session. | ||
| + | |||
| + | ==== Implicit ==== | ||
| + | Negotiation is not allowed with implicit %%FTPS%% configurations. A client is immediately expected to challenge the %%FTPS%% server with a connection encrypted using TLS/SSL. If it does not, the server should drop the connection. | ||
| + | |||
| + | In order to maintain compatibility with existing non-%%TLS%%/%%SSL%% aware %%FTP%% clients, implicit %%FTPS%% was expected to listen on the IANA Well Known Port 990/TCP for the %%FTPS%% control channel and 989/%%TCP%% for the %%FTPS%% data channel. This allowed administrators to retain legacy compatible services on the original 21/%%TCP%% %%FTP%% control channel. | ||
| + | |||
| + | In Implicit Mode, the entire %%FTPS%% session (both control and data channels) is unconditionally encrypted. | ||
| + | |||
| + | ===== [[certificate]] TLS/SSL Certificates ===== | ||
| + | Learn about TLS/SSL [[tls#certificate|server certificates]] and [[tls#client_certificate|client certificates]]. | ||