The FTP server supports the FTPprotocol commands AUTH, PBSZ and PROT in the format required by RFC 4217:
The TLS, TLS-C, TLS-P and SSL parameters are permissible for the AUTH command. SSL, TLS and TLS-C have the same meaning and request TLS security only for the control connection. With TLS-P, security of the data connection is also requested.
The PBSZ command is only supported pro forma with the parameter 0 to ensure a login process as per RFC 2228.
The PROT command is supported with the parameters C and P where
C (= Clear) disables encryption of the data connection and
P (= Private) enables it.If TLS support is enabled, the FEAT command [RFC 2389] reports this with additional enumeration of AUTH TLS, PBSZ and PROT.
STAT command output is complemented by four lines. These lines first of all document whether the control connection and the data connections are secured with TLS. If any connection is secured, the used TLS protocol version and cipher suite is listed.
Examples
Non-secured control connection:
Protected control channel: Off Private data channel: Off Protocol: (none) Cipher: clear
Control connection secured with TLS 1.2, using AES-256, data connection not secured:
Protected control channel: On Private data channel: Off Protocol: TLSv1.2 Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
Control and data connections secured with TLS 1.2, using AES-256:
Protected control channel: On Private data channel: On Protocol: TLSv1.2 Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
Control and data connections secured with TLS 1.2 using AES-256, the control connection is unencrypted again after the ccc command:
Protected control channel: Off (cleared) Private data channel: On Protocol: TLSv1.2 Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256 bits)