FTP over SSL

from Wikipedia, the free encyclopedia
FTPS in the TCP/IP protocol stack:
Application: FTP
Transport: SSL/TLS, TCP
Internet: IP (IPv4, IPv6)
Network access: Ethernet, Token bus, Token ring, FDDI, ...

FTP over SSL or FTP over TLS, or FTPS for short, is a method for encrypting the File Transfer Protocol (FTP).

In contrast to SFTP, FTPS carries FTP communication over Transport Layer Security (TLS), not over SSH. The standard ports for establishing the connection are port 990/TCP (control) and port 989/TCP (data).

Encrypting FTP requires at least two separate connections. FTPS does not require that user data be encrypted, and it allows encryption to be dropped after authentication. How much of an FTPS session is encrypted also depends on the server and the client. Encrypting only the connection establishment can give a clear advantage in transmission speed compared to SFTP or SCP. Whether SFTP or SCP achieve similarly high transmission speeds depends on the client and server software used. TLS also enables authentication via X.509 certificates, which is not provided for in SFTP.

Several dozen clients and servers as well as a few proxies support FTPS. For FXP over TLS, for example, there is SSCN (set secured client negotiation).

Procedure

  1. The client establishes a conventional, unencrypted control channel to the server.
  2. The client sends the request AUTH TLS.
    If this request is not made, the server can reject all other requests.
  3. The server sends the response 234 to announce the switch to TLS.
    If there is no response, the client can continue unencrypted.
  4. If the control channel has switched to TLS, the client can also request TLS for the user data channels.
    Alternatively, the client can request a return to the unencrypted connection at any time, but the server can refuse this.
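
The sequence above can be checked against a client's session log. The following is an added example, not part of the original article: it walks a log of control-channel commands and replies and reports every point at which credentials or data would travel unencrypted. The "C:"/"S:" log format, the host name and the sample sessions are constructed; PBSZ, PROT and CCC are the RFC 4217 commands for data-channel protection and for returning the control channel to clear text.

```python
import re

TRANSFER = {"RETR", "STOR", "APPE", "LIST", "NLST", "MLSD"}  # commands that open a data channel

def audit_ftps_log(lines):
    """Audit 'C: <command>' / 'S: <reply>' lines; return a list of findings."""
    control_tls = False      # control channel switched to TLS (after reply 234)
    data_tls = False         # data channels protected (PROT P accepted)
    pending = ("", "")       # last client command still awaiting its reply
    findings = []
    for line in lines:
        side, _, text = line.partition(": ")
        if side == "C":
            verb, _, arg = text.strip().partition(" ")
            pending = (verb.upper(), arg.strip().upper())
            if pending[0] in ("USER", "PASS") and not control_tls:
                findings.append(f"{pending[0]} sent over unencrypted control channel")
            if pending[0] in TRANSFER and not data_tls:
                findings.append(f"{pending[0]} uses an unencrypted data channel")
            continue
        reply = re.match(r"(\d{3})( |$)", text)  # ignores '234-...' continuation lines
        if side != "S" or not reply:
            continue
        code, (verb, arg) = int(reply.group(1)), pending
        if verb == "AUTH":
            control_tls = code == 234            # step 3: only 234 announces the switch
            if not control_tls:
                findings.append(f"AUTH {arg} refused with {code}; session stays in clear text")
        elif verb == "PROT" and code == 200:
            data_tls = arg == "P"                # P = private, C = clear
        elif verb == "CCC" and code == 200:
            control_tls = False                  # step 4: return to unencrypted control channel
            findings.append("CCC accepted; control channel returned to clear text")
        pending = ("", "")
    return findings

# Constructed session: TLS negotiated before login, data channel protected.
GOOD = [
    "S: 220 ftp.example.test ready",
    "C: AUTH TLS", "S: 234 Proceed with negotiation",
    "C: USER alice", "S: 331 Password required",
    "C: PASS ********", "S: 230 Logged in",
    "C: PBSZ 0", "S: 200 PBSZ=0",
    "C: PROT P", "S: 200 Protection level set to P",
    "C: RETR report.csv", "S: 150 Opening data connection", "S: 226 Transfer complete",
]
# Constructed session: encryption dropped after authentication, data never protected.
DOWNGRADED = GOOD[:7] + ["C: CCC", "S: 200 Control channel cleared", "C: RETR report.csv",
                         "S: 150 Opening data connection", "S: 226 Transfer complete"]
```

An empty result means the log shows TLS on the control channel before login and PROT P before every transfer; it says nothing about certificate validation, which happens inside the TLS handshake and is not visible in the command log.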

Norms and standards

FTPS is standardized as a Request for Comments (RFC). The first version, which is still valid today, is RFC 4217 from 2005, titled Securing FTP with TLS. What is strange about this RFC is that it defines a protocol without specifying its own abbreviation or official short name.

References

  1. P. Ford-Hutchinson: RFC 4217 - Securing FTP with TLS. October 2005. (English).
  2. P. Ford-Hutchinson: ftps - RFC4217 - state of play . Retrieved February 22, 2012.