FTP over TLS
How TrueFTP secures transfers with explicit FTP over TLS (FTPS), and why explicit mode is the right default.
Every TrueFTP connection is encrypted with explicit FTP over TLS (often called FTPS). This protects both your credentials and your file data in transit.
Explicit vs implicit TLS
- Explicit TLS (
AUTH TLS) — the client connects on the normal port and then upgrades the connection to TLS with theAUTH TLScommand. This is what TrueFTP uses, on port2121. - Implicit TLS — assumes TLS from the first byte on a dedicated port (historically 990). It is older and less flexible.
Always configure your client for explicit TLS.
What gets encrypted
With explicit TLS and an encrypted data channel (PROT P), both are protected:
- Control channel — usernames, passwords, and commands
- Data channel — the file contents themselves
Most clients negotiate this automatically once you select "Require explicit FTP over TLS." With curl, the --ftp-ssl flag handles it.
Why it matters
Plain FTP sends everything — including your password — in clear text. On any untrusted network that is a serious exposure. Explicit TLS gives you the same protection that secures HTTPS, while keeping the familiar FTP command model your tools already speak.
Related
- Connecting with an FTP client
- Securing file transfers — a deeper security guide