FTPS using Explicit TLS howto (Server): Difference between revisions
m (Reverted edits by 151.41.240.213 (talk) to last revision by Auri) Tag: Rollback |
|||
Line 1: | Line 1: | ||
== Configuration == | == Configuration == | ||
== Configure with NAT == | == Configure with NAT == |
Revision as of 01:44, 12 October 2023
Configuration
Configure with NAT
Please read the Network Configuration guide for instructions on how to configure the server behind NAT devices (Router, Firewall, etc).
Enable Explicit FTP over TLS
On the TLS settings page check "allow Explicit FTP over TLS." It is recommended to also check "Disallow plain unencrypted FTP" and "Force PROT P to encrypt file transfers when using FTP over TLS". This will further enforce encryption policies; here PROT "P" is for "Private" as opposed to "C" for clear text. If you only want certain groups or users to have encryption you can set that up in the user or group editor. If there is data you still want available to the general public the "Force" setting should be disabled in the server settings menu, as you will need an FTP client rather than a web browser to access the FTP server. If using "PROT P - Private", the client may require a matching TLS setting or it may default to PROT C.
Another option you should enable is "Require TLS session resumption on data connection when using PROTP P" as it protects against data connection theft.
Setting up your FTP server in this way allows you to encrypt your data and login information without having to get 3rd party programs. With explicit TLS you will need an FTP client. Internet Explorer and Firefox don't support TLS without special plugins. FileZilla client supports FTPS both implicit (FTPS:// protocol), and explicit (FTPES://).