Port 21 is the control port for the original and unsecure FTP
protocol. Credentials and payload are
exchanged over the network unencrypted.
However file transfer over port 21 can be made secure with the newer
FTPS protocol. FTPS or FTP over SSL/TLS
can enable encryption of both the Control and Data Connections. Port 990 and 889 are defined for 'implicit'
FTPS whereby both Control and Data are encrypted: port 990 for Control, 889 for
Data. If the client connects on port
990 the assumption is that SSL/TLS encryption will be performed i.e. the port
number signifies security.
However
'explicit' FTPS runs over port 21 (the port used by original and unsecure FTP
protocol). FTP clients who connect on
port 21 and require encryption, must send AUTH SSL or AUTH TLS to the server.
If the server complies it will take steps to complete an SSL/TLS
handshake. Selective use of encryption
enables transfers to be secured according to need, with benefit of greater
speed for unencrypted exchanges.