FTP/SSL

From Prolixium Wiki

FTP/SSL (FTPS) is essentially File Transfer Protocol over TLS/SSL. Both the control and data connections are encrypted, unlike normal FTP, where both are in the clear. IANA has assigned the following port numbers to FTPS:

ftps-data	989/tcp    ftp protocol, data, over TLS/SSL
ftps-data	989/udp    ftp protocol, data, over TLS/SSL
ftps		990/tcp    ftp protocol, control, over TLS/SSL
ftps		990/udp    ftp protocol, control, over TLS/SSL

Firewall Problems

As Wikipedia states, FTPS causes several problems with firewalls: because the control connection is encrypted, application-layer gateways (ALGs) cannot glean the port number issued in the PORT command and so cannot dynamically open a child session for the data connection. Normally passive mode will work around this, provided outbound connectivity to all ports above 1024 on the server is allowed. If this is not the case, passive mode will not work either, and all TCP ports above 1024 will need to be opened.
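The following sketch is an added example, not code from this wiki or from any firewall product. It mimics the control-channel inspection an FTP ALG performs and shows why it finds nothing once the channel is wrapped in TLS. The function names, addresses and sample segments are all constructed for illustration.

```python
import re

# Six comma-separated decimal fields: h1,h2,h3,h4,p1,p2
SIX = rb",".join([rb"(\d{1,3})"] * 6)
# Active mode: the client announces its listening socket with PORT.
PORT_RE = re.compile(rb"^PORT " + SIX + rb"\r?$", re.M)
# Passive mode: the server announces its listening socket in a 227 reply.
PASV_RE = re.compile(rb"^227 [^\r\n]*\(" + SIX + rb"\)", re.M)

# Constructed control-channel segments (documentation address ranges).
CLEAR_PORT = b"PORT 192,0,2,10,195,80\r\n"
CLEAR_PASV = b"227 Entering Passive Mode (198,51,100,5,19,137)\r\n"
# Constructed TLS application-data record: 5-byte header plus placeholder
# bytes standing in for ciphertext. This is all an ALG sees on port 990.
TLS_RECORD = bytes([0x17, 0x03, 0x03, 0x00, 0x20]) + bytes(32)


def looks_like_tls_record(segment: bytes) -> bool:
    """True if the segment starts with a TLS record header (type 20-23, version 3.x)."""
    return len(segment) >= 5 and 20 <= segment[0] <= 23 and segment[1] == 3


def alg_inspect(segment: bytes):
    """Return (mode, ip, port) of the announced data connection, or None.

    None means the ALG has nothing from which to open a pinhole, so the
    data connection is subject to the static firewall policy alone.
    """
    if looks_like_tls_record(segment):
        return None  # encrypted control channel: PORT/227 are not visible
    for mode, pattern in (("active", PORT_RE), ("passive", PASV_RE)):
        match = pattern.search(segment)
        if match:
            fields = [int(x) for x in match.groups()]
            if any(f > 255 for f in fields):
                return None  # malformed octet, refuse to open anything
            ip = ".".join(str(f) for f in fields[:4])
            port = fields[4] * 256 + fields[5]  # p1 is the high byte
            return mode, ip, port
    return None


if __name__ == "__main__":
    for name, seg in (("PORT", CLEAR_PORT), ("227", CLEAR_PASV), ("TLS", TLS_RECORD)):
        print(name, "->", alg_inspect(seg))
```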

External Links