What port does SSL use?
I know that explicit “negotiated” FTPS is preferred, because it still uses the standard port 21 with that method, but with regard to “implicit” non-negotiated FTPS using a standard port of 990 vs. port 22 (which I have seen some people describe), why is there this difference in a “standard” for the non-negotiated port number?
Note: I also noticed that a FileZilla server won’t work properly (when connecting from a FileZilla client) if I configure it to use anything other than the default of port 990.
SFTP (SSH File Transfer Protocol) is not the same as FTPS (FTP-SSL).
SFTP is intimately related to SSH, and has no relation, except in purpose and name, with FTP.
Contrast with FTPS, which is simply the FTP protocol with SSL.
The main difference is that SFTP only uses one stream, whereas FTPS, like FTP, uses at least two: a control stream, where the commands are issued, and another one for each data transfer.
I think there’s a glitch in the question itself:
- SFTP is a subsystem of SSH, and SSH by default listens on port 22
- FTPS by default runs on port 990, but that’s not related to SFTP: in fact it is FTP over SSL
These are two distinct and completely different protocols.
SFTP (SSH File Transfer Protocol) only needs port 22 and no other port, therefore is very firewall friendly, and highly secure thanks to the encryption layer provided by the SSH connection.
FTPS is highly secure thanks to the encapsulation within an SSL channel, but it requires quite a few open ports to operate (990 for the control channel, 989 for the data channel, and a whole bunch of other ports if you need passive connections) and is therefore much less firewall friendly. But – in general – it tends to be a bit faster than SFTP.
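Added example, not part of the original question or answers: whatever port number is configured, the first bytes on the wire show which of the protocols discussed above a server actually speaks. The sketch below classifies a service as SSH (which carries SFTP), plain FTP, explicit FTPS or implicit FTPS; the function names, result labels and sample banners are assumptions made for illustration.

```python
import socket
import ssl

def classify(greeting: bytes, auth_tls_reply: bytes = b"", tls_greeting: bytes = b"") -> str:
    """Name the service from what the server sent.

    greeting: bytes received before the client sent anything
    auth_tls_reply: reply to a cleartext "AUTH TLS" command
    tls_greeting: bytes received after a TLS handshake made at connect time
    """
    if any(line.startswith(b"SSH-") for line in greeting.splitlines()):
        return "ssh"  # SFTP runs as a subsystem of this service
    if greeting[:3] == b"220":  # FTP greets in cleartext
        # Look at every line: leftover greeting lines may precede the reply.
        ok = any(l.startswith(b"234") for l in auth_tls_reply.splitlines())
        return "ftp-explicit-tls" if ok else "ftp-plain"
    if not greeting and tls_greeting[:3] == b"220":
        return "ftps-implicit"  # FTP greeting only visible inside TLS
    return "unknown"

def _read(sock) -> bytes:
    try:
        return sock.recv(1024)
    except OSError:  # timeout or reset: treat as "server sent nothing"
        return b""

def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Collect the three observations from a live server you administer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        greeting, reply = _read(s), b""
        if greeting[:3] == b"220":
            s.sendall(b"AUTH TLS\r\n")
            reply = _read(s)
    tls_greeting = b""
    if not greeting:  # silent server: try TLS first, as implicit FTPS expects
        ctx = ssl.create_default_context()  # verification on; untrusted cert -> "unknown"
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    tls_greeting = _read(tls)
        except OSError:
            pass
    return classify(greeting, reply, tls_greeting)

# Constructed sample observations (not captured from a real server).
SSH_BANNER = b"SSH-2.0-ExampleSSH_1.0\r\n"
FTP_BANNER = b"220 Example FTP ready\r\n"
```

`classify` works on recorded bytes alone, so it can be applied to a packet capture as well as to the output of `probe`.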