FTP Cpanel implicit vs explicit encryption
FTP over SSL/TLS (Implicit Encryption) vs FTP over SSL/TLS (Explicit Encryption)





----------------------------------------------------------------
SSL/TLS
----------------------------------------------------------------

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are cryptographic protocols that allow an FTP client to make secure connections to a server with SSL capabilities. The server sends the client a certificate and a public key for encryption. If the client accepts/trusts the server's certificate, an SSL connection can be established. Once an SSL connection is established, all data passing from one side to the other is encrypted and can be decrypted only by the parties involved in the transfer of data.

When both a client and server support SSL or TLS, security is set up through a sequence of commands passed between the two machines.
The FTP protocol definition provides at least two distinct mechanisms by which this sequence is initiated: Explicit (active) and Implicit (passive) security.


FTP over SSL/TLS (Implicit Encryption)

As its name implies, implicit SSL is a type of FTPS connection wherein SSL encryption is implied. As soon as a connection is established between the FTPS client and your managed file transfer server, both command (a.k.a. control) and data channels will be automatically protected with SSL encryption.

Implicit SSL is ideal if you really want full encryption for your entire FTP connection from the start of the session. However, since encryption always consumes more bandwidth and computational resources, there may be instances when you'll want to encrypt only one channel.

For instance, if the files your users normally upload to your managed file transfer server don't contain confidential information, then the only things you will want to encrypt are the usernames and passwords that get submitted during authentication. Since user credentials are sent via the command channel, that's the only channel you would need to encrypt.
However, you can't do that with Implicit SSL. Implicit SSL always encrypts both the command and data channels.


FTP over SSL/TLS (Explicit Encryption)

For the situation described above (encrypt only user credentials), a better choice would be Explicit SSL. With Explicit SSL, you're allowed to choose which channel to encrypt. You can even choose to revert back to regular (unencrypted) FTP and not encrypt any channel at all. Explicit SSL runs over port 21, which is the same port used by regular FTP, making it easy for your server to cater to both clients that support FTPS and those that only support regular FTP.

Most secure file transfer clients will encrypt both command and data channels of Explicit SSL connections by default. This is the better choice, especially for organizations covered by laws and regulations like PCI-DSS, SOX, HIPAA, and GLBA, which either strongly recommend or explicitly require encryption.
If you're working to achieve regulatory compliance, you wouldn't want to leave security decisions in the hands of your end users. In that case, it would certainly be more prudent to encrypt data channels at all times.

To make sure all clients are forced to use encrypted data channels when connecting to your Explicit SSL FTPS service, go to the Services > FTP/S node in JSCAPE MFT Server and scroll down until you see the checkbox labeled Require data channel encryption. With this option enabled, if a user tries to disable data channel encryption, your server will not allow the session to continue.
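
The channel choices described above can also be checked from the server side. The following Python code is an added example, not from the original page and not JSCAPE or Rebex code: it audits the client commands of a port-21 session using the RFC 4217 commands AUTH TLS, PROT P/PROT C and CCC. The function names and sample sessions are constructed for illustration, and it assumes the server accepted every command (replies are not modelled).

```python
# Added example: audit client commands from a port-21 FTP session log.
# Command semantics follow RFC 4217 (AUTH TLS, PROT P/C, CCC).
# Assumption: the server accepted every command; replies are not modelled.
TRANSFER_VERBS = {"RETR", "STOR", "STOU", "APPE", "LIST", "NLST", "MLSD"}


def audit_session(commands):
    """Return (mode, findings) for client commands given in arrival order."""
    negotiated = False   # has the client asked for TLS with AUTH?
    control_tls = False  # control channel starts in cleartext on port 21
    data_tls = False     # data channel stays clear until PROT P
    findings = []
    for line in commands:
        verb, _, arg = line.strip().partition(" ")
        verb, arg = verb.upper(), arg.strip().upper()
        if verb == "AUTH" and arg in ("TLS", "SSL"):
            negotiated = control_tls = True
        elif verb == "CCC" and control_tls:
            control_tls = False
            findings.append("control channel reverted to cleartext (CCC)")
        elif verb == "PROT":
            # Only PROT P after a TLS negotiation encrypts the data channel.
            data_tls = negotiated and arg == "P"
        elif verb in ("USER", "PASS") and not control_tls:
            findings.append(f"{verb} sent in cleartext")  # argument never logged
        elif verb in TRANSFER_VERBS and not data_tls:
            findings.append(f"{verb} used an unencrypted data channel")
    return ("explicit" if negotiated else "plain"), findings


def meets_data_encryption_policy(commands):
    """True when the session had no cleartext credentials or transfers."""
    return not audit_session(commands)[1]


# Constructed sample sessions (not captured traffic).
PLAIN = ["USER alice", "PASS example-pw", "RETR report.csv"]
CREDS_ONLY = ["AUTH TLS", "USER alice", "PASS example-pw",
              "PBSZ 0", "PROT C", "STOR upload.bin"]
FULL = ["AUTH TLS", "PBSZ 0", "PROT P",
        "USER alice", "PASS example-pw", "STOR upload.bin"]

if __name__ == "__main__":
    for name, session in (("plain", PLAIN), ("creds-only", CREDS_ONLY),
                          ("full", FULL)):
        print(name, audit_session(session))
```

The CREDS_ONLY session is the "encrypt only user credentials" case: it passes the credential check but is the kind of session a required data channel encryption setting is meant to refuse.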

----------------------------------------------------------------
implicit vs explicit encryption
----------------------------------------------------------------

Explicit mode 21

No encryption/plain mode

Communication schema:

  1. Client connects to the server.
  2. Client talks to the server over this unencrypted channel.
  3. Username + password is sent unencrypted.




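// Ftp and SslMode are in the Rebex.Net namespace
// Plain FTP: the username and password cross the network unencrypted
Ftp ftp = new Ftp();
ftp.Connect("example.com", SslMode.None);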

TLS/SSL - Explicit mode

Communication schema:

  1. Client connects to the server.
  2. Client explicitly requests TLS/SSL encryption to be switched on.
  3. Client talks to the server using encrypted channel.
  4. Username + password is sent encrypted.


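// Option 1: request TLS/SSL as part of Connect
Ftp ftp = new Ftp();
ftp.Connect("example.com", SslMode.Explicit);

// Option 2: connect in plain mode, then upgrade the connection
Ftp ftp = new Ftp();
ftp.Connect("example.com", SslMode.None);
ftp.Secure(); // request encryption

TLS/SSL - Implicit mode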

Communication schema:

  1. Client connects to the server and TLS/SSL encryption is switched on implicitly as soon as the channel is established.
  2. Client talks to the server using encrypted channel.
  3. Username + password is sent encrypted.


// TLS/SSL is switched on as soon as the connection is established
Ftp ftp = new Ftp();
ftp.Connect("example.com", SslMode.Implicit);

----------------------------------------------------------------
ports implicit vs explicit encryption
----------------------------------------------------------------




FTP Cpanel TLS/SSL Explicit encryption


https://www.rebex.net/kb/tls-ssl-explicit-implicit/

https://docs.cpanel.net/knowledge-ba...-passive-mode/