FTP over TLS

From FileZilla Wiki
Jump to navigationJump to search

Setup

Very strange for Google who does a deecnt job in my opinion of offering (or even enforcing)(as it must be) TLS everywhere else, except for here. Does not make any sense. Worse, they do not seem to share the reason why. (I'm sure there must be one, but they won't share it, or so it seems based on searching the interwebs on this). It is time they add this. Come on!, google.Thanks all! Cheers.Jason

Client Setup

For a client to connect to a server using SSL, then the host for that connection needs to be set to FTPS. In FileZilla client this means prefixing the host with "FTPES://" for "explicit" FTPS, or "FTPS://" for the legacy "implicit" FTPS.

Certificate Removal

The file trustedcerts.xml contains certificates for secure websites that you have told your FileZilla client to trust connections to. This file should not be confused with any certificates you have in use if you use FileZilla as a server as well.

Windows

In order to remove a saved certificate, navigate to %APPDATA%\FileZilla and delete, rename or modify the trustedcerts.xml file.

Linux

In order to remove a saved certificate rename or modify the file ~/.filezilla.

Explicit vs Implicit FTPS

FTPS (SSL/TLS) is served up in two incompatible modes. If using explicit FTPS, the client connects to the normal FTP port and explicitly switches into secure (SSL/TLS) mode with "AUTH TLS", whereas implicit FTPS is an older style service that assumes SSL/TLS mode right from the start of the connection (and normally listens on TCP port 990, rather than 21). In a FileZilla client this means prefixing the host with "FTPES://" to connect an "explicit" FTPS server, or "FTPS://" for the legacy "implicit" server (for which you will likely also need to set the port to 990).

SSL/TLS (FTPS) vs SSH (SFTP)

FTPS (FTP encrypted with SSL/TLS) should not be confused with SFTP (SSH). The latter is a completely different protocol, with more information here.