SSL - FTPS (File Transfer Protocol using SSL)

The development and growth of the Internet made secure data transfer methods essential. One of the first technical solutions was the SSL (Secure Sockets Layer) protocol. It is widespread, and most Web browsers, FTP clients, Web servers and hardware systems support it. The SSL protocol provides session-level identification and encryption: it establishes the client-server channel and ensures the security and privacy of data transfer by means of encryption.

A simplified work scheme of the SSL protocol can be represented in the following way:

A client sends a greeting message to a server. The message contains the following information: the protocol version and encryption methods supported by the client, a random number and a session ID. The server responds with its own greeting message or an error message. The server greeting message is similar to the client message, and "tells" the client which encryption algorithm to use.

After sending its greeting message, the server can send its certificate or a certificate chain (a group of certificates, where all certificates but one are signed by a previous certificate) for identification. Identification is required for key exchange, except when the anonymous Diffie-Hellman algorithm is used. Key exchange can be performed by means of certificates (which determine the encryption algorithm) when establishing a connection. Usually, X.509.3 format certificates are used. The client receives the server's public key, which can be used as a current session key. After the server certificate is sent to the client, the server can request a client certificate.

Then, a successful connection notification message is sent and both sides can start encrypted data transfer.

FastTrackFTP supports SSL 2, SSL 3, TLS 1, and TLS 1.1.

FTPS supports two channel protection modes: Explicit and Implicit.

Explicit and Implicit Security

Explicit security mode implies an explicit switch to a secure data transfer mode: the server switches to a secure data transfer mode after a corresponding command is received from the client.

In Implicit security mode, a secure channel is established immediately, as soon as the client connects to the FTP server.
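
The difference between the two modes is visible in the first bytes of the control connection. The following is an added example, not FastTrackFTP code: it classifies a captured control-channel exchange as implicit, explicit or plaintext, and flags USER/PASS commands sent before the switch to a secure channel. The AUTH command and the 234 reply come from RFC 4217 and are not named on this page; the function names and the sample captures are constructed for illustration.

```python
TLS_HANDSHAKE = 0x16  # record type of an SSL 3 / TLS handshake message

def looks_like_tls(data: bytes) -> bool:
    """True if data opens with an SSL 3/TLS handshake record or an SSL 2 ClientHello."""
    if len(data) < 3:
        return False
    if data[0] == TLS_HANDSHAKE and data[1] == 0x03:
        return True
    # SSL 2 ClientHello: length field with the high bit set, then message type 1.
    return bool(data[0] & 0x80) and data[2] == 0x01

def classify_session(chunks):
    """chunks: ordered (direction, payload) pairs; direction is "C" or "S".
    Returns (mode, findings) for the FTP control connection."""
    findings = []
    if not chunks:
        return "unknown", findings
    first_dir, first_data = chunks[0]
    if first_dir == "C" and looks_like_tls(first_data):
        return "implicit", findings  # handshake precedes any FTP reply
    auth_sent = upgraded = False
    for direction, data in chunks:
        if upgraded:
            break  # everything after the 234 reply is TLS records
        for line in data.decode("latin-1").splitlines():
            if direction == "C":
                verb = line.split(" ", 1)[0].upper()
                if verb == "AUTH":
                    auth_sent = True
                elif verb in ("USER", "PASS"):
                    findings.append(f"{verb} sent in cleartext before TLS")
            elif auth_sent and line.startswith("234"):
                upgraded = True
    if auth_sent and not upgraded:
        findings.append("AUTH was sent but the server never answered 234")
    return ("explicit" if upgraded else "plaintext"), findings

# Constructed sample captures (not real traffic).
HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01])
IMPLICIT = [("C", HELLO), ("S", bytes([0x16, 0x03, 0x01, 0x00, 0x31, 0x02]))]
EXPLICIT = [("S", b"220 ready\r\n"), ("C", b"AUTH TLS\r\n"),
            ("S", b"234 proceed\r\n"), ("C", HELLO)]
PLAIN = [("S", b"220 ready\r\n"), ("C", b"USER alice\r\n"),
         ("S", b"331 need password\r\n"), ("C", b"PASS example\r\n")]

if __name__ == "__main__":
    for name, capture in (("implicit", IMPLICIT), ("explicit", EXPLICIT), ("plain", PLAIN)):
        print(name, classify_session(capture))
```

A session classified as explicit that still carries findings means the client logged in before the secure channel was requested, so the credentials crossed the network unencrypted.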
