Differences
This shows you the differences between the selected revisions of the page.
| 2020-07-14 | 2020-11-08 | ||
| Restored revision 1547865470. Undoing revisions 1594672562, 1594672585, 1594672631, 1594672660. (martin) (hidden) | no summary (100.2.219.181) (hidden) (untrusted) | ||
| Line 1: | Line 1: | ||
| - | ====== FTPS ====== | + | this site has been hacked by anonymous |
| - | FTPS (also known as FTP Secure and %%FTP%%-%%SSL%%) is an extension to the commonly used File Transfer Protocol (%%FTP%%) that adds support for the [[tls|Transport Layer Security]] (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols. ((&wikipedia_ref(FTPS|FTPS))) | + | |
| - | + | ||
| - | ===== [[methods]] Methods of Invoking ===== | + | |
| - | Two separate methods were developed to invoke client security for use with %%FTP%% clients: //Explicit// or //Implicit//. The former method is a legacy compatible implementation where %%FTPS%% aware clients can invoke security with an FTPS aware server without breaking overall %%FTP%% functionality with non-%%FTPS%% aware clients. The latter method is an incompatible method that requires clients to be %%FTPS%% aware. WinSCP supports both methods. | + | |
| - | + | ||
| - | ==== Explicit ==== | + | |
| - | In explicit mode, a %%FTPS%% client must "explicitly request" security from a %%FTPS%% server and then step-up to a mutually agreed encryption method. If a client does not request security, the %%FTPS%% server can either allow the client to continue insecure or refuse/limit the connection. | + | |
| - | + | ||
| - | In Explicit Mode, the client has full control over what areas of the connection are to be encrypted. Enabling and disabling of encryption for the %%FTPS%% control channel and %%FTPS%% data channel can occur at any time. WinSCP though requests encryption for both control and data channel unconditionally during whole session. | + | |
| - | + | ||
| - | ==== Implicit ==== | + | |
| - | Negotiation is not allowed with implicit %%FTPS%% configurations. A client is immediately expected to challenge the %%FTPS%% server with a connection encrypted using TLS/SSL. If it does not, the server should drop the connection. | + | |
| - | + | ||
| - | In order to maintain compatibility with existing non-%%TLS%%/%%SSL%% aware %%FTP%% clients, implicit %%FTPS%% was expected to listen on the IANA Well Known Port 990/TCP for the %%FTPS%% control channel and 989/%%TCP%% for the %%FTPS%% data channel. This allowed administrators to retain legacy compatible services on the original 21/%%TCP%% %%FTP%% control channel. | + | |
| - | + | ||
| - | In Implicit Mode, the entire %%FTPS%% session (both control and data channels) is unconditionally encrypted. | + | |
| - | + | ||
| - | ===== [[certificate]] TLS/SSL Certificates ===== | + | |
| - | Learn about TLS/SSL [[tls#certificate|server certificates]] and [[tls#client_certificate|client certificates]]. | + | |