FTP/SSL

From Prolixium Wiki
Revision as of 19:27, 21 August 2008 by Prolixium

FTP/SSL (FTPS) is essentially File Transfer Protocol over TLS/SSL. Both the control and data connections are encrypted, unlike normal FTP, where both are in the clear. IANA has assigned the following port numbers to FTPS:

ftps-data	989/tcp    ftp protocol, data, over TLS/SSL
ftps-data	989/udp    ftp protocol, data, over TLS/SSL
ftps		990/tcp    ftp protocol, control, over TLS/SSL
ftps		990/udp    ftp protocol, control, over TLS/SSL

Firewall Problems

As Wikipedia states, FTPS causes several problems with firewalls: because the control connection is encrypted, their application-layer gateways (ALGs) cannot glean the port number issued in the PORT command to dynamically open up a child session for the data connection. Normally passive mode will work around this, if outbound connectivity to all ports above 1024 on the server is allowed. If this is not the case, passive mode will not work either, and all TCP ports above 1024 will need to be opened.
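The following added example (not part of the original wiki page) sketches the control-channel inspection an FTP ALG performs and shows why it finds nothing once that channel is wrapped in TLS. The function names, regexes and sample bytes are constructed for illustration, and the addresses come from documentation ranges.

```python
import re

# Data-connection endpoint as it appears on a cleartext FTP control channel:
# RFC 959 PORT / 227 reply, RFC 2428 EPRT / 229 reply ("|" delimiter assumed).
FLAGS = re.M | re.I
_PORT = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?$", FLAGS)
_PASV = re.compile(rb"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", FLAGS)
_EPRT = re.compile(rb"^EPRT \|[12]\|([0-9A-Fa-f:.]+)\|(\d+)\|\r?$", FLAGS)
_EPSV = re.compile(rb"^229 .*?\(\|\|\|(\d+)\|\)", FLAGS)

# Constructed samples (not captured traffic).
PLAIN_PORT = b"PORT 192,0,2,10,195,80\r\n"
PLAIN_PASV = b"227 Entering Passive Mode (198,51,100,7,19,137)\r\n"
# TLS application-data record header (type 0x17, version 3.3) plus filler bytes.
TLS_RECORD = bytes([0x17, 0x03, 0x03, 0x00, 0x20]) + bytes(range(32))


def looks_like_tls(segment: bytes) -> bool:
    """True if the segment starts with a TLS record header (type 20-23, version 3.x)."""
    return len(segment) >= 5 and 20 <= segment[0] <= 23 and segment[1] == 3


def alg_extract(segment: bytes):
    """Return (mode, host, port) for the data connection, or None if unreadable."""
    if looks_like_tls(segment):
        return None  # ciphertext: the ALG has no PORT/227 text to parse
    for mode, rx in (("active", _PORT), ("passive", _PASV)):
        m = rx.search(segment)
        if m:
            o = [int(x) for x in m.groups()]
            if max(o) > 255:
                return None  # malformed octet: do not open a pinhole
            return mode, ".".join(map(str, o[:4])), o[4] * 256 + o[5]
    m = _EPRT.search(segment)
    if m and int(m.group(2)) <= 65535:
        return "active", m.group(1).decode(), int(m.group(2))
    m = _EPSV.search(segment)
    if m and int(m.group(1)) <= 65535:
        return "passive", None, int(m.group(1))
    return None


if __name__ == "__main__":
    for sample in (PLAIN_PORT, PLAIN_PASV, TLS_RECORD):
        print(alg_extract(sample))
```

With the TLS sample the function returns None, which is the situation described above: the firewall cannot learn the data port and so cannot open a matching child session.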

External Links

RFC 4217 - Securing FTP with TLS
IANA Port Assignments