Port 990

The use of port 990 to implicitly protect FTP sessions was included in the early drafts of the IETF documents that describe how to use TLS with FTP, but has been removed from later drafts and from RFC 4217. For more information, see Information APAR II13516.

Port 990 is known as the protected port, or the TLSPORT. You can disable implicit security for port 990, or reassign the protected port, by coding the TLSPORT statement in the server's FTP.DATA configuration file.

Rule: If you start the FTP server on the protected port, you should code a SECUREIMPLICITZOS statement in the server's FTP.DATA file to specify when the server should expect the client to negotiate TLS security.

The FTP server can provide explicit TLS security on a different port by specifying the following definitions in FTP.DATA:

EXTENSIONS AUTH_TLS
SECURE_FTP REQUIRED
SECURE_CTRLCONN PRIVATE
SECURE_DATACONN PRIVATE
Parent topic: Customizing Transport Layer Security and Kerberos security