Skip to content

Advanced FTP Site Settings: Security Tab

The Connection tab of the Advanced FTP Site Settings dialog contains security related options are described as follows:

Password Encryption

By using password encryption, the password submitted to the remote server during the login process will be encrypted. The S/Key scheme utilizes the One Time Password (OTP) system. TurboFTP generates and submits a temporary password based on the challenge from the server, thus ensuring that your real login password will not be transmitted on the network and different temporary passwords will be used for login at different times.

OTP S/Key can only be used with a server that supports it. To take advantage of it, select the encryption option, MD4 (S/Key) or MD5 (S/Key). By selecting Not Encrypted , the login password for this site will be sent out without encryption, i.e., in plaintext.

Secure Connection

Here, you find options for using SSL/TLS. You can choose from the following options:

  • Standard (Not encrypted)
    Standard FTP without SSL/TLS encryption (default).

  • SSL Implicit Encryption
    Secure FTP with implicit SSL. Port 990 is the standard port for implicit SSL.

  • Explicit Encryption (AUTH SSL)

  • Explicit Encryption (AUTH TLS)
    Secure FTP with explicit SSL/TLS encryption.

  • SFTP over SSH2
    Connect to an SSH2 server that implements an SFTP service. The standard port is 22.

In explicit encryption, the FTP client needs to send an explicit command ( i.e., "AUTH SSL" or "AUTH TLS") to the FTP server to initiate a secure control connection; while in implicit encryption, the client establishes a secure control connection upon connection with the server.

As with a typical FTP server, a port number needs to be specified for connection with a secure FTP server. If the value in the Port field is changed, the Port value in the Site Address Book for this server will be updated accordingly, and vice versa.

Use SSL/TLS client certificate

In case the secure FTP server requires authentication using a client certificate, you must supply your own certificate, including a certificate file and private key file. Check the checkbox "Use SSL/TLS client certificate" and supply the key file locations. If the private key file is encrypted, supply the password as well.

Clear Command Channel (CCC)

When connected to a TLS-enabled FTP server, all traffic in the command channel and the data channel is encrypted by default. This poses a problem for FTP-aware firewalls which can't detect any FTP commands in the control channel anymore. When enabled, messages in the command channel are sent in the plain text while data transfer remains encrypted.

Note that when CCC is enabled, options [Clear listing data transfer] and [Clear file data transfer] should be either both enabled or both disabled (not recommended).

Clear listing data transfer

When connected to an SSL/TLS-based FTP server, do not use encryption when retrieving remote listings.

Clear file data transfer

When connected to an SSL/TLS-based FTP server, do not use encryption when transferring files.