FTPS data channel security - what is this?
Posted: Wed Oct 29, 2025 2:22 pm
Hi all,
Long story short, I'm trying to get our 3rd party FTP connections to connect using FTPS Explicit (FTP Server is IIS, which is why I can't use SFTP).
I'm testing with AndFTP - and in most cases testing is going well.
However, once I set IIS to 'require' SSL, I'm unable to LIST the FTP folder, with '534 Protection Level Negotiation Failed', UNLESS I change 'FTPS Data Channel Security' to 'Private' from 'Clear' in AndFTP.
This is fine for me, I can update this for all my connections and prove they work.
However, I have one 3rd party using a PHP script to make their FTP connection.
Their error is slightly different: 'Connection timed out' (after literally milliseconds) - but like when I get the issue with AndFTP, they can, and I can, create files and folders successfully, we just can't see them (unless I set the FTPS Data Channel Security to Private).
So I'm convinced its the same issue, just being presented differently because its different clients.
But what exactly does 'FTPS Data Channel Security' do - this seems to be an 'AndFTP' named feature, so googling it isn't helping me. But what it actually does must be some sort of 'standard' - can someone give me a better description of what it changes, so I can start looking into PHP options to add whatever needs adding, to make it work through PHP?
Hope that makes sense, and thanks in advance.
Mark
Long story short, I'm trying to get our 3rd party FTP connections to connect using FTPS Explicit (FTP Server is IIS, which is why I can't use SFTP).
I'm testing with AndFTP - and in most cases testing is going well.
However, once I set IIS to 'require' SSL, I'm unable to LIST the FTP folder, with '534 Protection Level Negotiation Failed', UNLESS I change 'FTPS Data Channel Security' to 'Private' from 'Clear' in AndFTP.
This is fine for me, I can update this for all my connections and prove they work.
However, I have one 3rd party using a PHP script to make their FTP connection.
Their error is slightly different: 'Connection timed out' (after literally milliseconds) - but like when I get the issue with AndFTP, they can, and I can, create files and folders successfully, we just can't see them (unless I set the FTPS Data Channel Security to Private).
So I'm convinced its the same issue, just being presented differently because its different clients.
But what exactly does 'FTPS Data Channel Security' do - this seems to be an 'AndFTP' named feature, so googling it isn't helping me. But what it actually does must be some sort of 'standard' - can someone give me a better description of what it changes, so I can start looking into PHP options to add whatever needs adding, to make it work through PHP?
Hope that makes sense, and thanks in advance.
Mark