Differences
This shows you the differences between the selected revisions of the page.
| 2023-10-09 | 2023-12-20 | ||
| 6.2 Change: SSL (3.0) is no longer supported. TLS 1.0 and 1.1 are disabled by default, to match the OpenSSL 3 defaults (martin) | no summary (211.119.150.217) (hidden) (untrusted) | ||
| Line 10: | Line 10: | ||
| In Explicit Mode, the client has full control over what areas of the connection are to be encrypted. Enabling and disabling of encryption for the %%FTPS%% control channel and %%FTPS%% data channel can occur at any time. WinSCP though requests encryption for both control and data channel unconditionally during whole session. | In Explicit Mode, the client has full control over what areas of the connection are to be encrypted. Enabling and disabling of encryption for the %%FTPS%% control channel and %%FTPS%% data channel can occur at any time. WinSCP though requests encryption for both control and data channel unconditionally during whole session. | ||
| - | ==== Implicit ==== | + | bhuvan-ftp.nrsc.gov.in |
| - | Negotiation is not allowed with implicit %%FTPS%% configurations. A client is immediately expected to challenge the %%FTPS%% server with a connection encrypted using TLS/SSL. If it does not, the server should drop the connection. | + | |
| - | + | ||
| - | In order to maintain compatibility with existing non-%%TLS%%/%%SSL%% aware %%FTP%% clients, implicit %%FTPS%% was expected to listen on the IANA Well Known Port 990/TCP for the %%FTPS%% control channel and 989/%%TCP%% for the %%FTPS%% data channel. This allowed administrators to retain legacy compatible services on the original 21/%%TCP%% %%FTP%% control channel. | + | |
| - | + | ||
| - | In Implicit Mode, the entire %%FTPS%% session (both control and data channels) is unconditionally encrypted. | + | |
| ===== [[certificate]] TLS/SSL Certificates ===== | ===== [[certificate]] TLS/SSL Certificates ===== | ||
| Learn about TLS/SSL [[tls#certificate|server certificates]] and [[tls#client_certificate|client certificates]]. | Learn about TLS/SSL [[tls#certificate|server certificates]] and [[tls#client_certificate|client certificates]]. | ||