INFO: TLS/SSL implicit and explicit modes difference
No encryption/plain mode

Communication schema:
- Client connects to the server.
- Client talks to the server over this unencrypted channel.
- Username and password are sent unencrypted.

Sample code:
    // Plain connection: nothing on this channel is encrypted.
    Ftp ftp = new Rebex.Net.Ftp();
    ftp.Connect("example.com", 21);

TLS/SSL - Explicit mode

Communication schema:
- Client connects to the server.
- Client explicitly requests TLS/SSL encryption to be switched on.
- Client talks to the server using the encrypted channel.
- Username and password are sent encrypted.

Sample code:
    // Request encryption as part of Connect.
    Ftp ftp = new Rebex.Net.Ftp();
    ftp.Connect("example.com", 21, null, FtpSecurity.Explicit);

or

    // Connect in plain mode first, then switch encryption on.
    Ftp ftp = new Rebex.Net.Ftp();
    ftp.Connect("example.com", 21);
    ftp.Secure(); // request encryption

TLS/SSL - Implicit mode

Communication schema:
- Client connects to the server and TLS/SSL encryption is switched on implicitly as soon as the channel is established.
- Client talks to the server using the encrypted channel.
- Username and password are sent encrypted.

Sample code:
    // Encryption starts as soon as the connection is established.
    Ftp ftp = new Rebex.Net.Ftp();
    ftp.Connect("example.com", 21, null, FtpSecurity.Implicit);

More info
- TLS/SSL Explicit mode usually uses the same port as Plain (unencrypted) mode.
- TLS/SSL Implicit mode requires a dedicated port.
- TLS/SSL Implicit mode cannot be run on the same port as TLS/SSL Explicit mode.
- TLS/SSL Implicit mode cannot be run on the same port as plain (unencrypted) communication.
- The TLS/SSL protocol is the same in both Explicit and Implicit mode. Both are equally secure.

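The three communication schemas can be told apart from the first bytes the client sends. The Python code below is an added example, not Rebex code: it classifies the client-to-server bytes of a captured FTP control connection and flags credentials that were sent before encryption was switched on. The sample streams are constructed, and the FTP commands it looks for (USER/PASS from RFC 959, AUTH TLS from RFC 4217) are assumptions that this page does not name.

```python
# Added example (not Rebex code): classify a captured FTP control connection.
# Assumes standard FTP commands: USER/PASS (RFC 959), AUTH TLS/SSL (RFC 4217).
CREDENTIAL_CMDS = {"USER", "PASS"}
UPGRADE_CMDS = {"AUTH TLS", "AUTH SSL"}


def is_tls_record(data: bytes) -> bool:
    """True if data starts with a TLS handshake record (type 0x16, major version 3)."""
    return len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03


def classify_client_stream(data: bytes) -> dict:
    """Classify the raw client-to-server bytes seen from the start of a connection."""
    if is_tls_record(data):
        # Implicit mode: the first thing the client sends is a TLS ClientHello.
        return {"mode": "implicit", "cleartext_credentials": False}
    leaked = False
    rest = data
    while rest:
        line, _, rest = rest.partition(b"\r\n")
        cmd = line.decode("ascii", errors="replace").strip().upper()
        if cmd in UPGRADE_CMDS and is_tls_record(rest):
            # Explicit mode: upgrade requested and a TLS handshake follows it.
            return {"mode": "explicit", "cleartext_credentials": leaked}
        if cmd.split(" ", 1)[0] in CREDENTIAL_CMDS:
            leaked = True  # USER/PASS crossed the wire before any encryption
    # No completed upgrade was seen: the session stayed in plain mode.
    return {"mode": "plain", "cleartext_credentials": leaked}


# Constructed sample data: a truncated stand-in for a TLS ClientHello record.
TLS_STUB = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])
SAMPLES = {
    "plain": b"USER alice\r\nPASS s3cret\r\n",
    "explicit": b"AUTH TLS\r\n" + TLS_STUB,
    "implicit": TLS_STUB,
    # Edge cases: credentials sent before the upgrade, and an upgrade request
    # that is never followed by a handshake (for example, the server refused it).
    "late_upgrade": b"USER alice\r\nAUTH TLS\r\n" + TLS_STUB,
    "refused_upgrade": b"AUTH TLS\r\nUSER alice\r\nPASS s3cret\r\n",
}

if __name__ == "__main__":
    for name, stream in SAMPLES.items():
        print(f"{name:16} {classify_client_stream(stream)}")
```

The classifier reads only the client side of one connection, so a packet capture has to be reassembled per TCP connection before its bytes are passed in.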
Common ports
Question: I've received a hostname and port. Which security mode should I use?
Answer: The following table lists common ports and their security modes.

| Protocol | Plain port (no encryption) | TLS/SSL Explicit port | TLS/SSL Implicit port |
| --- | --- | --- | --- |
| FTP | 21 | 21 | 990 |
| IMAP | 143 | 143 | 993 |
| SMTP | 25 or 587 | 25 or 587 | 465 |
| POP3 | 110 | 110 | 995 |
| HTTP | 80 | - | 443 |