FTP

FTP can be configured as

  • plain FTP
  • or FTP over TLS

Supported protocols

ProtocolSecurityDescription
FTPInsecurePlain unencrypted FTP. Use this protocol only in a local network or over tunnels.
FTPS explicit(START)TLSFTP over TLS. An unencrypted FTP connection is started and if the server supports TLS a STARTTLS command is sent to upgrade to a secure TLS connection.
FTPS implicitTLSFTP over TLS. The connection starts with a TLS handshake and will fail immediately if the server does not support that. Usually this mode is operated on a separate port (default 990). This is more secure but because of the separate port not as common as explicit TLS. To active this connection mode check the option Implicit TLS

Special options

  • Activate Passive Connection which is the recommended default nowadays to handle networks with NATed firewalls/routers.

FTPS (TLS)

In addition to all FTP options there are following special options:

  • If the FTPS server uses a certificate signed by a trusted public CA then tick the option Validate server cert which ensures that the connection is only made to the right server. When using a self-signed certificate, an encrypted but unauthenticated connection is made. It’s still more secure than the unencrypted version.