How to choose between TLS/SSL Implicit and Explicit mode?

Martin Vobr

What do FTP, POP3, IMAP, SMTP and HTTP have in common? All of these protocols share the same method for encrypting communication between client and server: TLS/SSL. TLS is just a new name for SSL version 3.1 (for details, see the KB article about Secure FTP).

TLS/SSL comes in two common flavors:

  • TLS/SSL Explicit
  • TLS/SSL Implicit

What’s the difference?

A detailed description can be found in the KB article about the difference between TLS/SSL implicit and explicit modes. A simplified explanation follows:

TLS/SSL Explicit

  • Runs on the same port as the plain (unencrypted) protocol.
  • Client must ask the server to switch the encryption on.

TLS/SSL Implicit

  • Runs on a different port than the plain (unencrypted) protocol.
  • Encryption is turned on automatically.
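
The two modes as seen by a client, using SMTP as the one protocol shown. This is an added illustration, not code from the original article; the names `request_starttls`, `open_tls` and `client.example` are hypothetical. In explicit mode the client refuses to continue if the server does not offer the upgrade, so a stripped STARTTLS capability cannot leave the session in plaintext.

```python
import socket
import ssl

# Added illustration: function names and "client.example" are hypothetical.

def _reply(rfile):
    """Read one (possibly multi-line) SMTP reply; return (code, text lines)."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line[4:])
        if line[3:4] != "-":  # "250-..." continues the reply, "250 ..." ends it
            return int(line[:3]), lines

def request_starttls(sock, client_name="client.example"):
    """Explicit mode: ask a plaintext SMTP server to switch encryption on.
    Raises rather than continuing in cleartext when the upgrade is unavailable."""
    rfile = sock.makefile("rb")
    code, _ = _reply(rfile)  # greeting arrives unencrypted
    if code != 220:
        raise ConnectionError(f"unexpected greeting: {code}")
    sock.sendall(f"EHLO {client_name}\r\n".encode("ascii"))
    code, lines = _reply(rfile)
    offered = {l.split()[0].upper() for l in lines[1:] if l.strip()}
    if code != 250 or "STARTTLS" not in offered:
        raise ConnectionError("STARTTLS not offered; refusing to stay in plaintext")
    sock.sendall(b"STARTTLS\r\n")
    code, _ = _reply(rfile)
    if code != 220:
        raise ConnectionError(f"STARTTLS rejected: {code}")

def open_tls(host, port, implicit, timeout=10.0):
    """Return a certificate-verified TLS socket to an SMTP server in either mode."""
    ctx = ssl.create_default_context()  # checks the chain and the hostname
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        if not implicit:
            request_starttls(sock)  # explicit: negotiate on the plain port first
        # implicit: no plaintext exchange, the TLS handshake is the first thing sent
        return ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
```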

How to choose which one to use?

You may have received a hostname and port from your admin and be wondering which version of TLS/SSL security should be used. A general rule of thumb seems to be simple:

  • If the port is the same as the standard port for the protocol, use TLS/SSL Explicit.
  • If the port is different, use TLS/SSL Implicit.

See the following KB article for the standard and TLS/SSL Explicit ports for FTP, POP3, IMAP, SMTP and HTTP.
