Accessing FTP with FTP over TLS

Using FTPeS or FTP over Explicit TLS is fairly simple and straightforward. It doesn't change anything that you do in regards to how you perform FTP actions. The only change is changing your Server Type from regular FTP to FTPeS.

What is FTPeS?
FTPeS is short for FTP over explicit TLS/SSL. TLS and SSL is a means of encrypting data, using a public/private key combination set. This is the same technology that is used to bring secure web browsing (HTTPS) on the web. Note that when you go to purchase an item from a website on the Internet, when you check out most of the time you are taken to a secure website, noted by the HTTPS in the browser's location bar and by the padlock icon in the bottom status bar of your browser. FTPeS is basically the same thing. FTPeS using the same type of technology to encrypt your login credentials as you log into the FTP server. This prevents anything that might be listening on your connection from reading your username and password. Regular FTP will pass this information across your connection in plain text, so if someone was sniffing your connection, they could easily attain your username and password.

To enable FTPeS for your FTP connection using FileZilla you can follow the instructions given below.

Start FileZilla.

If you are already using FileZilla as your FTP application then you may already have your FTP account stored in FileZilla's Site Manager.

Click on File and select Site Manager... This will bring up the Site Manager dialog box.

Site Manager Dialog Box


If you are already using FileZilla then you may see your site already listed here. If so, just select it and the information for the account will show up in the right side of the Site Manager dialog box. Otherwise, click on New Site to add your account to FileZilla's site manager.

You would fill out the corresponding information accordingly or if you are modifying an account that already existed in the Site Manager, just leave everything as is. The one thing to change is where it says Servertype click the drop down box beside it and notice the options. You will want to select the option for FTPES - FTP over explicit TLS/SSL.

Select FTPES in drop down box


That is really the only change you have to make. Once this is selected and all of your other information is filled in, click on OK or Connect if you want to connect to your FTP account.

Concerning Logontype

I would highly recommend that you use a Logontype of Ask for password. This does not store your account's password in the Site Manager. Instead you will have to type in your password every time you connect. The reason for this, is that there have been some viruses and trojans in the past that users have gotten on their computers. These trojans/viruses scan your computer for valid username and passwords and many times it will look in the data storage areas for popular FTP Site Managers. Storing your password here means that you would be vulnerable to attack from this method. If hackers or malicious users gain access to your account's username and password, then your account can be compromised.


Now when you connect to your FTP account using FTPeS, you may be presented with a dialog box concerning the security certificate being used for the connection. We mostly use self-signed certificates for FTP. Self-signed certificates offer the exact same protection, encryption-wise, that a authoritative-signed certificate does. It is completely safe to accept this certificate.

The top of the warning may look something like:

Self-Signed Certificate Warning Top


Near the bottom of the warning dialog you will see an option to always accept this certificate.

Self-Signed Certificate Warning Bottom


If you are going to be connecting to FTP very often, you may want to select this option so that you are not bothered with this warning.

After you have connected you can review the FTP transaction log, near the top of the FTP client. Scroll back up and you can see that TLS was indeed used when passing your username and password information to the server.

Log showing TLS was used


Now you can continue to use FTP as you normally would. You can just feel a little bit safer knowing that your login information is not easily viewable by hackers or other malicious users that may be listening to your connection.