Manage Learn to apply best practices and optimize your operations.

How FTPS differs from TLS

Take an indepth look at FTP over SSL, how it works and how it differs from TLS and other protocols

Does VeriSign have a solution for FTPS (FTP over SSL)? Is there an existing implementation on this? If so, how does it work?
FTPS is an enhancement to FTP that uses the standard FTP protocol and commands over secure sockets, adding SSL (Secure Socket Layer) security to both the protocol and data channels. FTPS is also known as FTP-SSL and FTP-over-SSL. SSL is a protocol that encrypts and decrypts data across a secure connection from a client to a server with SSL capabilities. The server sends the client a certificate and a public key for encryption. If the client trusts the server's certificate, the SSL connection can be established. All data that passes from one side to the other will be encrypted, and only the client and the server can decrypt the data. The SSL protocol is the same protocol used in FTPS. You may also see SSL used in conjunction with TSL. SSL has merged with other protocols and authentication methods to form a new protocol known as Transport Layer Security (TLS).

Although a server requires you to present a digital certificate before you use FTPS, you don't have to use a certificate issued by VeriSign. You can use a digital certificate issued by any of the well-known certificate authorities, or, one you have issued yourself, using Microsoft Certificate Server for example. You can have a trusted certificate authority, such as Verisign or Thawte, sign the certificates you create. There are plenty of FTP programs that can handle FTPS. One is GlobalSCAPE's Secure FTP Server, which includes a full digital certificate management system for creating, signing and importing digital certificates to a trusted list. It also supports client authentication to verify users' identities by forcing users to present a certificate. The server compares the client certificate to a list contained in its trusted certificates database, and then either accepts or rejects the connection based upon a match.

This was last published in December 2005

Dig Deeper on IPv6 security and network protocols security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.