The -tlsSecureDataConnection option is used to define whether the data connection from the FTP client to the server child should be secured with TLS.
As the data connection can only be secured if the control connection is secured, it makes no sense to select a weaker setting for -tlsSecureControlConnection (see "-tlsSecureControlConnection") than for-tlsSecureDataConnection. Consequently -tlsSecureControlConnection will, if required, automatically be raised to the same value as -tlsSecureDataConnection.
-tlsSecureDataConnectionr |
NONE | OPTIONAL | REQUIRE |
NONE
The control connection is never secured, in other words a corresponding PROT command (see "FTP login commands") is rejected with a negative return code.
NONE is the default.
The setting “NONE” makes sense if, for example, you only want to offer the option of transferring the password in encrypted form but are not ready or, because of the server performance, not able to offer encryption of the files transferred. However, here you must bear in mind that a large number of Windows FTP clients do not permit the option of just securing the control connection.
OPTIONAL
The data connection is secured when this is requested by the client.
REQUIRE
Data transfer is only permitted if the data connection is secured beforehand.