Show Contents / Index / Search

SSL/TLS Tab (FTP Options)

Getting there (FTP Client)

The Secure Sockets Layer protocol (SSL) and its compatible successor, the Transport Layer Security protocol (TLS), enable a client and server to established a secure, encrypted connection over a public network. When you connect using SSL/TLS, the client authenticates the server before making a connection, and all data passed between Reflection and the server is encrypted.

The options are:


Use SSL/TLS Security

Enables SSL/TLS connections. You must select this before you can set other values on the SSL/TLS tab. When Use SSL/TLS security is selected, Reflection will only connect to the host if a secure SSL/TLS connection can be established.

Before making an SSL/TLS connection, Reflection must authenticate the host. Authentication is handled through the use of digital certificates. These certificates are part of the same Public Key Infrastructure (PKI) that is used to secure internet transactions. Your computer must be configured to recognize the digital certificate presented by your host and, if necessary, to provide a certificate for client authentication. If your computer is not properly configured, or if the certificates presented for authentication are not valid, you will not be able to make SSL/TLS connections. Depending on how a host certificate was issued, you may need to install a certificate on your local computer.



Configure PKI

Opens the PKI Configuration dialog box, which you can use to configure PKI settings for Reflection SSL/TLS sessions.



Encryption Strength

Specify the desired level of encryption for SSL/TLS connections. The connection will fail if this level cannot be provided.

If you select Default, any encryption level is permitted, and Reflection will negotiate with the host system to choose the strongest encryption level supported by both the host and the client. If you are running in FIPS mode and select Default, Reflection will negotiate using only FIPS compliant encryption levels.



Encrypt Data Stream

Specifies whether or not data is encrypted when the FTP client is configured to use SSL/TLS encryption.When this checkbox is selected, all communication between the your computer and the FTP server is encrypted. When this checkbox is cleared, the FTP command channel (which is used for all FTP commands, including your user name and password) is encrypted. However, the data channel (which is used for directory listings and the contents of the files you transfer) is not encrypted.



SSL/TLS version

Specifies which SSL or TLS version to use. TLS Version 1.0 is the newer protocol and is used by default.


Implicit SSL/TLS connection

By default the FTP Client makes SSL/TLS connections using Explicit security. In order to establish the SSL connection, explicit security requires that the FTP client issue a specific command (AUTH TLS) to the FTP server after establishing a connection. If the server gives a success response, the client begins the TLS negotiation. The default FTP server port (21) is used.

When you select Implicit SSL/TLS Connection, the Reflection FTP Client uses Implicit security. Implicit security automatically begins with an SSL connection as soon as the FTP client connects to the server; no AUTH TLS command is sent prior to the TLS negotiation. By default, the Reflection FTP Client uses port 990 for Implicit connections.


Connect through a NAT server

Select this setting if your FTP Client connects through a NAT (Network Address Translation) server. When this setting is selected, the FTP Client ignores IP addresses in FTP commands returned from the server.

Related Topics

Which Protocols Can I Use?

Digital Certificates in SSL/TLS Sessions