Learning about SSL

When you use CuteFTP to connect securely to a server that supports SSL or TLS (SSL v3), the two computers pass a sequence of commands to create a secure connection. The FTP protocol definition provides at least two distinct mechanisms by which this sequence is initiated: Explicit (active) and Implicit (passive) security.

Explicit Security - Explicit security requires that the FTP client issue a specific command to the FTP server after establishing a connection to establish the SSL link. The default FTP server port is used. This formal method is documented in RFC 2228.

Implicit Security - Implicit security is a mechanism by which security is automatically turned on as soon as the FTP client makes a connection to an FTP server. In this case, the FTP server defines a specific port for the client (990) to be used for secure connections.

Implicit SSL is discussed in various SSL drafts, but not formally adopted in an RFC. For strict compliance to standards, use the explicit method. Implicit SSL adds benefits in the form of a dedicated port strictly used for secure connections, requiring fewer overheads in establishing the session. There are various FTP servers that support this mode, including Globalscape's EFT Server. For more on SSL Connection Mechanisms, see Troubleshooting SSL Connections.

SSL Sessions

The diagram shows an SSL session using explicit security. In this picture, the two computers communicate over an Internet connection. Time is represented vertically; the first communication at the top of the time line is from the Client to the Server, and subsequent communications proceed chronologically down the time line. The breaks in the time line represent the passage of time. CuteFTP adheres to Internet standards for secure transfer of files over the FTP protocol. Specifically, CuteFTP implements the FTP extensions documented in RFC 2228. Any FTP Server that also implements these extensions will work with CuteFTP in order to ensure the encryption of your sensitive data.