Explicit Versus Implicit SSL

Netscape originally developed Secure Sockets Layer (SSL) for secure Web browsing. When both a client and server support the AUTH SSL command, security is accomplished through a sequence of commands passed between the two machines. The FTP protocol definition provides at least two distinct mechanisms by which this sequence is initiated: explicit (active) and implicit (passive) security.

Explicit Security: In order to establish the SSL link, explicit security requires that the FTP client issue a specific command to the FTP server after establishing a connection. The default FTP server port is used. This formal method is documented in RFC 2228.

Implicit Security: Implicit security automatically begins with an SSL connection as soon as the FTP client connects to an FTP server. In implicit security, the FTP server defines a specific port (990) for the client to use for secure connections.

Implicit SSL is discussed in various SSL drafts but is not formally adopted in an RFC. For strict compliance with standards, use the explicit method.

Because implicit SSL has a dedicated port strictly used for secure connections, implicit SSL connections require less overhead when you establish the session. A variety of FTP servers support this mode.
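The two modes can be told apart from the first messages on the control connection, which also shows whether a login was sent before protection began. The Python sketch below is an added example, not part of the original page: the `classify` function, the event format, and the sample captures are constructed for illustration, and it assumes the server answers a successful AUTH with reply code 234 and that `AUTH TLS` is accepted alongside the `AUTH SSL` command named above.

```python
# Added example: classify the opening of an FTP control channel as
# implicit SSL, explicit SSL, or cleartext. All captures are constructed.

def is_tls_record(data: bytes) -> bool:
    """True if data starts like an SSLv3/TLS handshake record (0x16 0x03)."""
    return len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03

def classify(events):
    """events: ordered (sender, payload) pairs; sender is 'C' or 'S'.

    Returns (mode, leaked): mode is 'implicit', 'explicit', 'cleartext' or
    'unknown'; leaked lists login verbs seen before the SSL handshake.
    """
    if not events:
        return "unknown", []
    # Implicit: the client opens with a handshake, before any FTP greeting.
    if events[0][0] == "C" and is_tls_record(events[0][1]):
        return "implicit", []
    leaked, auth_sent, auth_ok = [], False, False
    for sender, payload in events:
        if is_tls_record(payload):
            # A handshake counts as explicit only right after an accepted AUTH.
            return ("explicit" if auth_ok else "unknown"), leaked
        verb = payload.decode("ascii", "replace").strip().split(" ", 1)[0].upper()
        if sender == "S":
            auth_ok = auth_sent and verb == "234"
            auth_sent = False
        elif verb == "AUTH":
            auth_sent = True
        elif verb in ("USER", "PASS"):
            leaked.append(verb)  # keep the verb only, never the argument
    return "cleartext", leaked

# Constructed sample data: a ClientHello prefix and three control sessions.
HELLO = bytes.fromhex("16030100c8010000c40303")
IMPLICIT = [("C", HELLO)]
EXPLICIT = [("S", b"220 FTP server ready\r\n"), ("C", b"AUTH SSL\r\n"),
            ("S", b"234 AUTH SSL accepted\r\n"), ("C", HELLO)]
LATE_AUTH = [("S", b"220 FTP server ready\r\n"), ("C", b"USER demo\r\n"),
             ("S", b"331 Password required\r\n"), ("C", b"AUTH TLS\r\n"),
             ("S", b"234 AUTH TLS accepted\r\n"), ("C", HELLO)]
CLEARTEXT = [("S", b"220 FTP server ready\r\n"), ("C", b"USER demo\r\n"),
             ("S", b"331 Password required\r\n"), ("C", b"PASS example\r\n"),
             ("S", b"230 Logged in\r\n")]

if __name__ == "__main__":
    for name in ("IMPLICIT", "EXPLICIT", "LATE_AUTH", "CLEARTEXT"):
        print(name, classify(globals()[name]))
```

A non-empty `leaked` list on an explicit session means the client sent login commands before issuing AUTH, which is the case an explicit-mode deployment needs to rule out.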

You can think of implicit security as "always on" and explicit security as "turn on." The following diagram contrasts implicit and explicit SSL connections.