Secure file transfers using File Transfer Protocol (FTP) sessions are supported in both the implicit SSL/TLS mode and the explicit SSL/TLS mode.

FTP with implicit SSL/TLS uses two different ports for the FTP service. In this mode, FTP offers an unsecured service on port 21, and a secured service on port 990. All secured sessions are conducted on port 990.

FTP with explicit SSL/TLS uses the same port (21) for both unsecured and secured services. FTP clients connect to port 21 to establish a control connection that is initially unsecured. Clients wishing to perform secure file transfer then send FTP commands over this control connection to make the control or the data connection secure.

In addition to the standard usercode and password authentication method, the MCP FTP client can be configured to supply an X.509 certificate to those FTP servers that require this method of authentication. The MCP server can be configured to ask for client certificates and make them optional or required for the connection.

Refer to the TCP/IP Distributed Systems Services Operations Guide for more information.