The ccc command disables TLS security for the control connection. This is used mainly for FTP connections which are routed via firewalls and NAT devices as these devices must be able to read and modify certain FTP commands (PORT, PASV, EPRT, EPSV) to perform their tasks.
ccc |
The ccc command enables you to cancel encryption of the control connection after the first time the user ID, password and, if necessary, account are transferred in order, for example, to subsequently transfer files through firewalls.
After the ccc command has been issued, the commands for setting the encryption of the data connections (PBSZ, PROT) are rejected, i.e. in this respect the status at the time when the ccc command was issued is retained. If, for instance, encryption of the data connections was enabled, the data connections continue to be encrypted.
You should use the ccc command only when it is absolutely necessary, because after it has run the names of the files and directories which were addressed and which could present secret information are once more visible to an attacker. A control connection in plaintext mode also means that certain attacks on an FTP server which are prevented by using TLS are possible again.