This is an old revision of the document!
FTPS
FTPS (also known as FTP Secure and FTP-SSL) is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.1
Methods of Invoking
Two separate methods were developed to invoke client security for use with FTP clients: Explicit and Implicit. The former is a legacy-compatible implementation in which FTPS-aware clients can invoke security with an FTPS-aware server without breaking overall FTP functionality for non-FTPS-aware clients. The latter is an incompatible method that requires clients to be FTPS-aware. WinSCP supports both methods.
Explicit
In explicit mode, an FTPS client must “explicitly request” security from an FTPS server and then step up to a mutually agreed encryption method. If a client does not request security, the FTPS server can either allow the client to continue insecurely or refuse/limit the connection.
In explicit mode, the client has full control over which areas of the connection are to be encrypted. Encryption for the FTPS control channel and the FTPS data channel can be enabled and disabled at any time. WinSCP, however, unconditionally requests encryption for both the control and data channels for the whole session.
Implicit
Negotiation is not allowed with implicit FTPS configurations. A client is immediately expected to challenge the FTPS server with a connection encrypted using TLS/SSL. If it does not, the server should drop the connection.
In order to maintain compatibility with existing non-TLS/SSL aware FTP clients, implicit FTPS was expected to listen on the IANA Well Known Port 990/TCP for the FTPS control channel and 989/TCP for the FTPS data channel. This allowed administrators to retain legacy compatible services on the original 21/TCP FTP control channel.
In Implicit Mode, the entire FTPS session (both control and data channels) is unconditionally encrypted.
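The difference between the two modes is visible on the wire before any TLS is exchanged: an explicit-mode server greets in plaintext and answers a security request, while an implicit-mode server stays silent until the client starts TLS. The following Python sketch is an added example, not part of the original article or of WinSCP; the function names, the timeout heuristic and the `fake_server` helper (a constructed local stand-in for a real server) are assumptions made for illustration.

```python
import socket, threading

def read_reply(f):
    """Read one FTP reply (possibly multi-line); return its final line."""
    while True:
        line = f.readline()
        if not line or (line[:3].isdigit() and line[3:4] == b" "):
            return line

def probe_ftps_mode(host, port, timeout=2.0):
    """Classify a control port as 'implicit', 'explicit', 'plain-only' or 'unknown'."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        try:
            greeting = read_reply(f)
        except socket.timeout:
            # Heuristic: a silent server is waiting for a TLS ClientHello (implicit mode).
            return "implicit"
        if not greeting.startswith(b"220"):
            return "unknown"                  # closed early or refused service
        s.sendall(b"AUTH TLS\r\n")            # the explicit-mode security request
        try:
            reply = read_reply(f)
        except socket.timeout:
            return "unknown"
        # 234 = server agrees to step up to TLS; anything else = no FTPS support here.
        return "explicit" if reply.startswith(b"234") else "plain-only"

def fake_server(greeting, auth_reply):
    """Constructed one-shot local listener used as sample input; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            if greeting:
                conn.sendall(greeting)
            data = conn.recv(64)              # AUTH TLS, or b"" if the probe gave up
            if data and auth_reply:
                conn.sendall(auth_reply)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for name, g, a in [("explicit", b"220 ready\r\n", b"234 AUTH TLS OK\r\n"),
                       ("plain", b"220 ready\r\n", b"502 not implemented\r\n"),
                       ("implicit", b"", b"")]:
        print(name, "->", probe_ftps_mode("127.0.0.1", fake_server(g, a), timeout=0.5))
```

A result of "plain-only" means the server never offered encryption, which is the case where an explicit-mode client has to decide whether to continue insecurely or abort.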
. 2011-12-20 14:59:07.859 SSL3 alert read: fatal: unexpected_message
. 2011-12-20 14:59:07.859 SSL_connect: error in SSLv2/v3 read server hello A
. 2011-12-20 14:59:07.859 Can’t establish SSL connection
. 2011-12-20 14:59:07.859 Disconnected from server
. 2011-12-20 14:59:07.859 Connection failed.
. 2011-12-20 14:59:07.859 Got reply 1004 to the command 1
* 2011-12-20 14:59:07.879 (ESshFatal) Connection failed.
* 2011-12-20 14:59:07.879 SSL3 alert read: fatal: unexpected_message
* 2011-12-20 14:59:07.879 SSL_connect: error in SSLv2/v3 read server hello A
* 2011-12-20 14:59:07.879 Can’t establish SSL connection
* 2011-12-20 14:59:07.879 Disconnected from server
* 2011-12-20 14:59:07.879 Connection failed.
Please help in resolving this error.
- The text is a copy of the Wikipedia article on FTPS. The text is licensed under the GNU Free Documentation License.