FTP
FTP can be configured as
- plain FTP
- or FTP over TLS
Supported protocols
| Protocol | Security | Description |
|---|---|---|
| FTP | Insecure | Plain unencrypted FTP. Use this protocol only in your local network or over tunnels. |
| FTPS explicit | (START)TLS | FTP over TLS. An unencrypted FTP connection is started and if the server supports TLS a STARTTLS command is sent to upgrade to a secure TLS connection. |
| FTPS implicit | TLS | FTP over TLS. The connection starts with a TLS handshake and will fail immediately if the server does not support that. Usually this mode is operated on a separate port (default 990). This is more secure but because of the separate port not as common as explicit TLS. To active this connection mode check the option Implicit TLS |
Special options
- Activate Passive Connection which is the recommended default nowadays to handle networks with NATed firewalls/routers.
FTPS (TLS)
In addition to all FTP options there are following special options:
- If your FTPS server uses a certificate signed by a trusted public CA then tick the option Validate server cert which ensures that the connection is only made to the right server. If you’re using a self-signed certificate, an encrypted but unauthenticated connection is made. It’s still more secure than the unencrypted version.