What Are the Variations on SSL/TLS Security for FTP?
The following variations have come up during development of Secure FTP (FTPS):

1. “SSL CONNECT”, in which a connection is made to a special port (e.g. 990 instead of 21) and SSL negotiations happen automatically. Kermit does this when you include the /SSL (or /TLS) switch in the FTP OPEN command.
2. “AUTH SSL”, in which the connection is made to port 21 and then SSL negotiations are started when the client sends an AUTH SSL command.
3. “AUTH TLS”, in which the connection is made to port 21 and then TLS negotiations are started when the client sends an AUTH TLS command, and then a protection level is negotiated with the PROT command.

You have to use a method that is supported by the server. Method 3 is currently favored; the other two are “deprecated”. Method 1 is not used by Kermit unless you ask for it. Methods 2 and 3 are negotiated automatically, with the first preference going to TLS; i.e. Kermit sends AUTH TLS first and then sends AUTH SSL only if AUTH TLS is refused. If necessary yo
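The following Python example is added here and is not Kermit's code: it classifies a client-side control-channel log by which of the three variations was used, and reports a refused AUTH TLS followed by fallback to AUTH SSL. The `C:`/`S:` log format, the function name and the sample session are assumptions, as is the rule that the data channel counts as clear until the server accepts PROT P.

```python
import re

DEPRECATED = {"SSL CONNECT", "AUTH SSL"}  # per the text above, only AUTH TLS is favored

def classify_ftps_session(port, transcript):
    """Classify one client-side FTP control-channel log (lines 'C: ...' / 'S: ...')."""
    # Variation 1: TLS starts on connect to the special port, before any FTP command.
    method = "SSL CONNECT" if port == 990 else None
    pending_auth = pending_prot = None
    prot = "C"  # assumption: data channel is Clear until a PROT P is accepted
    findings = []
    for line in transcript:
        side, _, text = line.partition(": ")
        if side == "C":
            verb, _, arg = text.strip().partition(" ")
            verb, arg = verb.upper(), arg.strip().upper()
            if verb == "AUTH":
                pending_auth = arg
            elif verb == "PROT":
                pending_prot = arg
            elif verb in ("USER", "PASS") and method is None:
                findings.append(f"{verb} sent before TLS was negotiated")
        elif side == "S":
            reply = re.match(r"(\d{3})(?: |$)", text.strip())
            code = reply.group(1) if reply else None  # None: continuation line ("234-...")
            if code and pending_auth:
                if code == "234":  # server accepted the requested mechanism
                    method = "AUTH " + pending_auth
                else:
                    findings.append(f"AUTH {pending_auth} refused ({code})")
                pending_auth = None
            elif code and pending_prot:
                prot = pending_prot if code == "200" else prot
                pending_prot = None
    if method is None:
        findings.append("no TLS negotiated: control channel in cleartext")
    else:
        if method in DEPRECATED:
            findings.append(f"{method} is a deprecated variation")
        if prot != "P":
            findings.append(f"data channel not private (PROT {prot})")
    return method or "none", prot, findings

# Constructed sample: server refuses AUTH TLS, client falls back to AUTH SSL.
SAMPLE = [
    "S: 220 ftp.example.test ready", "C: AUTH TLS", "S: 504 AUTH TLS not supported",
    "C: AUTH SSL", "S: 234 AUTH SSL successful", "C: PBSZ 0", "S: 200 PBSZ=0",
    "C: PROT P", "S: 200 Protection set to Private", "C: USER alice", "S: 331 Password required",
]
```

Calling `classify_ftps_session(21, SAMPLE)` reports the session as AUTH SSL with a private data channel, and the findings list records both the refused AUTH TLS and the use of a deprecated variation.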