> On 03/01/11 6:38 PM, Barry Brimer wrote:
>> It is possible to instruct the FTPS client to keep the control channel in the
>> clear so that firewalls that need to adjust to the ports being used can listen
>> in on the conversation. The FTPS server has to agree to allow this to happen.
>
> aren't username/passwords sent in the clear then too? if so, what's the
> point of using ftps ?

No, they are not. On the FTPS server you can require TLS encryption of
everything, auth, data, control channel, nothing, or combinations of them. In
this case you would require auth+data, which would mean that your control
channel is in the clear, but the username/password exchange and the data would
be protected. You could also use an SSL client certificate as authentication
and negate the need for the password to be sent altogether.
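
The client side of the auth+data arrangement described in the reply above, as an added example that is not part of the original message: it uses Python's standard `ftplib.FTP_TLS`, and the function name `login_then_clear_control` is hypothetical. The password is only sent once the control socket is confirmed to be TLS-wrapped, and the clear command channel (CCC) is requested last.

```python
import ftplib
import ssl


def login_then_clear_control(ftps, user, password):
    """Run AUTH TLS -> USER/PASS -> PROT P -> CCC on an ftplib.FTP_TLS-like
    object that is already connected. Returns the ordered steps performed."""
    steps = []

    # AUTH TLS: encrypt the control connection before any credential is sent.
    ftps.auth()
    steps.append("AUTH TLS")

    # Fail closed: never send the password over a plaintext control socket.
    if not isinstance(ftps.sock, ssl.SSLSocket):
        raise RuntimeError("control channel is not encrypted; not sending password")

    ftps.login(user, password)
    steps.append("USER/PASS")

    # PROT P: data connections (file contents, listings) stay under TLS.
    ftps.prot_p()
    steps.append("PROT P")

    # CCC: return the control channel to plaintext so a firewall can follow
    # the port negotiation. The server has to agree; if it refuses, the
    # session simply stays fully encrypted.
    try:
        ftps.ccc()
        steps.append("CCC")
    except ftplib.error_perm:
        steps.append("CCC refused")

    # After a successful CCC, commands and path names on the control channel
    # are readable on the wire; only the login and the data stay protected.
    return steps
```

In use, `ftps` would be an `ftplib.FTP_TLS` instance on which `connect()` has already been called.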