Difference between revisions of "FTPS using Explicit TLS howto (Server)"

From FileZilla Wiki
Tag: Replaced
(Undo revision 53205 by 2600:387:2:803:0:0:0:72 (talk))
Tag: Undo
Line 4: Line 4:
  
 
== Enable Explicit FTP over TLS ==
 
== Enable Explicit FTP over TLS ==
 +
On the TLS settings page check "allow Explicit FTP over TLS."  It is recommended to also check "Disallow plain unencrypted FTP" and "Force PROT P to encrypt file transfers when using FTP over TLS". This will further enforce encryption policies; here PROT "P" is for "Private" as opposed to "C" for clear text. If you only want certain groups or users to have encryption you can set that up in the user or group editor.  If there is data you still want available to the general public the "Force" setting should be disabled in the server settings menu, as you will need an FTP client rather than a web browser to access the FTP server. If using "PROT P - Private",  the client may require a matching TLS setting or it may default to PROT C.
 +
 +
Another option you should enable is "Require TLS session resumption on data connection when using PROTP P" as it protects against data connection theft.
 +
 +
Setting up your FTP server in this way allows you to encrypt your data and login information without having to get 3rd party programs. With explicit TLS you will need an FTP client. Internet Explorer and Firefox don't support TLS without special plugins. FileZilla client supports FTPS both implicit (FTPS:// protocol), and explicit (FTPES://).
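Review bot: In the second restored paragraph the option label reads "Require TLS session resumption on data connection when using PROTP P"; "PROTP P" looks like a typo for "PROT P", the spelling the first paragraph uses for the same protection level, so the label should be corrected rather than restored as is. The same paragraph says the option "protects against data connection theft" without saying what that means; a short explanatory clause would help an administrator decide whether to enable it.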

Revision as of 03:26, 12 October 2023

Configuration

Configure with NAT

Enable Explicit FTP over TLS

On the TLS settings page, check "allow Explicit FTP over TLS". It is recommended to also check "Disallow plain unencrypted FTP" and "Force PROT P to encrypt file transfers when using FTP over TLS". These options further enforce encryption; here PROT "P" stands for "Private", as opposed to "C" for clear text. If you only want certain groups or users to have encryption, you can set that up in the user or group editor. If there is data you still want available to the general public, the "Force" setting should be disabled in the server settings menu, as you will need an FTP client rather than a web browser to access the FTP server. If using "PROT P - Private", the client may require a matching TLS setting, or it may default to PROT C.

Another option you should enable is "Require TLS session resumption on data connection when using PROT P", as it protects against data connection theft.

Setting up your FTP server in this way allows you to encrypt your data and login information without having to get third-party programs. With explicit TLS you will need an FTP client, since Internet Explorer and Firefox don't support TLS without special plugins. FileZilla client supports FTPS in both implicit (FTPS:// protocol) and explicit (FTPES://) modes.
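To confirm that "Disallow plain unencrypted FTP" and "Force PROT P" are actually in effect, you can audit the command/reply exchanges of a session. The following is an added example, not part of the wiki page or of FileZilla; the input format (ordered `(command, reply_code)` pairs) and the sample sessions are constructed assumptions.

```python
# Added example: audit one FTP session for the TLS policies described above.
# Assumption: each session is an ordered list of (client command, server reply code).

TRANSFER_CMDS = {"RETR", "STOR", "APPE", "LIST", "NLST", "MLSD"}


def audit_session(exchanges):
    """Return a list of policy findings; an empty list means the session complied."""
    findings = []
    tls = False   # becomes True after a successful AUTH TLS (reply 234)
    prot = "C"    # RFC 4217: the data channel defaults to Clear until PROT P
    for line, code in exchanges:
        parts = line.split()
        if not parts:
            continue
        verb = parts[0].upper()
        arg = parts[1].upper() if len(parts) > 1 else ""
        accepted = 100 <= code < 400  # 1xx/2xx/3xx: the server went along with it
        if verb == "AUTH" and arg in ("TLS", "SSL") and code == 234:
            tls, prot = True, "C"
        elif verb in ("USER", "PASS") and accepted and not tls:
            findings.append(f"{verb} accepted without TLS: plain FTP is not disallowed")
        elif verb == "PROT" and code == 200:
            prot = arg
        elif verb in TRANSFER_CMDS and accepted and not (tls and prot == "P"):
            findings.append(f"{verb} accepted with clear-text data channel (PROT {prot})")
    return findings


# Constructed sample sessions (not real logs).
COMPLIANT = [("AUTH TLS", 234), ("USER alice", 331), ("PASS ***", 230),
             ("PBSZ 0", 200), ("PROT P", 200), ("PASV", 227), ("RETR report.pdf", 150)]
PLAIN_LOGIN = [("USER alice", 331), ("PASS ***", 230), ("PASV", 227), ("LIST", 150)]
PROT_CLEAR = [("AUTH TLS", 234), ("USER alice", 331), ("PASS ***", 230),
              ("PBSZ 0", 200), ("PROT C", 200), ("PASV", 227), ("STOR data.bin", 150)]

if __name__ == "__main__":
    for name, session in [("compliant", COMPLIANT), ("plain login", PLAIN_LOGIN),
                          ("PROT C", PROT_CLEAR)]:
        print(name, audit_session(session) or "ok")
```

TLS session resumption on the data connection is negotiated inside the TLS handshake, so it cannot be checked from command/reply pairs and is outside what this audit covers.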