Your best friend for file transfer.

Fetch application logoFetch
Fetch Icon Fetch Help > Concepts > FTP with TLS/SSL (FTPS)

Fetch supports using FTP with TLS/SSL (also known as FTPS) to connect securely to servers.

When you connect to a server using FTP with TLS/SSL, encryption is used to protect the connection between your Macintosh and the server. This protects your password and optionally your data, preventing an eavesdropper from capturing or stealing them as they travel over the network. TLS stands for "Transport Layer Security," and SSL stands for "Secure Sockets Layer." TLS is a newer version of the SSL protocol.

There are three different methods of establishing FTP with TLS/SSL connections; Fetch only supports two of them. The two supported methods are:

  • "AUTH TLS," also known as "FTPES," "Explicit SSL," or "Explicit FTPS." This is the preferred method according to the RFC that defines FTP with TLS/SSL.
  • "SSL connect," also known as "Implicit SSL" or "Implicit FTPS." This is an older and no longer encouraged method of establishing FTP with TLS/SSL, but it is still somewhat common.

The third method, "AUTH SSL," is also no longer encouraged and is not supported by Fetch.

To connect to a server using FTP with TLS/SSL, choose FTP with TLS/SSL from the Connect using pop-up menu in the New Connection dialog. When you do this, Fetch will try to connect using Explict SSL (FTPES) by default.

If you want to use the SSL connect (Implicit SSL) method, you must choose FTP with TLS/SSL and also enter 990 in the port field of the New Connection dialog. You may need to click the New Connection dialog's disclosure button to display the Port field. If you do not enter this specific port number, Fetch will try to establish an FTP with TLS/SSL connection using AUTH TLS.

Choosing FTP with TLS/SSL enables the Enable Encryption checkbox. If this box is checked, all of your communication will be protected; otherwise only your password will be protected, but performance may be better. Some servers do not support encrypting data when using FTP with TLS/SSL.

To use FTP with TLS/SSL for secure connections in Fetch, the server you are connecting to must support FTP with TLS/SSL connections. Not all servers support FTP with TLS/SSL connections; if you try to connect with FTP with TLS/SSL to a server that doesn't support it, you will receive an error. Your network administrator or service provider can tell you if your server supports FTP with TLS/SSL.

Servers that support FTP with TLS/SSL have a certificate that Fetch uses to verify the security and identity of the server. A server's certificate is issued by a certificate authority, which also vouches for the legitimacy of the certificate by digitally signing it. Your Macintosh has a list of certificate authorities that it trusts, and if the server's certificate is signed by one of those authorities, it will be accepted automatically. However, if the certificate is expired, or not signed by a trusted authority, or has another problem, Fetch will display a warning asking you whether you want to continue connecting to the server or not. For more information about the warning, see the Verify Certificate dialog help topic.

While both are secure file transfer protocols and have similar names, FTP with TLS/SSL (FTPS) should not be confused with SFTP (SSH File Transfer Protocol). SFTP is a completely separate protocol from FTP; whereas FTP with TLS/SSL uses the same protocol as FTP, but is wrapped in an encryption layer.

Fetch supports a special URL format for specifying FTP with TLS/SSL connections; FTP with TLS/SSL URLs start with "ftps://" and have an option at the end to specify whether to use encryption or not. See the Uniform Resource Locators (URLs) help topic for more information.

For more information about security in Fetch, see the Security help topic.