/
ENABLE_SSL - UFTP configuration option

ENABLE_SSL - UFTP configuration option

Description

The ENABLE_SSL option specifies whether UFTP will request an explicit FTPS session to the server specified by the HOST option.

Usage

Specification Method

Parameter / Value

IBM i

HP NonStop

UNIX

Windows

z/OS

Command Line, Short Form

 n/a






Command Line, Long Form

-enable_ssl opt



(tick)

(tick)

(tick)

Environment Variable

UFTPENABLESSL=opt



(tick)

(tick)

(tick)

Configuration File Keyword

enable_ssl opt



(tick)

(tick)

(tick)

Value

opt specifies whether UFTP will request an encrypted session with the FTP server that resides on HOST.

opt can be:

  • YES - request an encrypted session secured with TLS/SSL when the FTP PROTOCOL is used.
  • NO - create an unencrypted, plain-text FTP session.


Default is no for the FTP PROTOCOL option.

This option is not used when PROTOCOL is SSH (which doesn't use TLS/SSL) or when it is FTPS (in which TLS/SSL is required or "implicit").

Notes for Explicit FTPS (FTPES) Support

Explicit FTPS support was added to UFTP for Universal Agent 7.1.0.0. When an FTP server enables explicit TLS/SSL support, it allows clients to request encrypted sessions over the standard FTP port 21. This is different from implicit TLS/SSL support, which requires a connection to a unique, well-known port (990 by default) that ONLY accepts TLS/SSL-enabled client requests.

UFTP has always offered implicit FTPS support via the FTPS PROTOCOL value.

Because an FTP client may not always know whether the FTP server's port 21 is accepting SSL-enabled connections (i.e., it may only accept unencrypted, plain-text FTP sessions), explicit FTPS is not really a distinct protocol per se. Therefore, UFTP offers explicit FTPS support by applying new options and supported values to the existing FTP PROTOCOL value.

Enabling SSL Via the HOST Option

One way that UFTP provides FTPES support is by allowing the HOST value to be prefixed with ftpes://. When this prefix is used, UFTP behaves as though the -enable_ssl option were yes.