What are the differences between FTP Implicit and Explicit modes?

The difference between these 2 modes comes down to how the connection is established from your client to the server and what commands are issued.

Implicit

Assumes that the server is expecting everything to be encrypted and using SSL. When your client establishes a connection to the server, it immediately negotiates the SSL connection and command connection. This is normally the mode used for FTP over port 990. It is also a deprecated protocol.

Explicit

Establishes a normal (unencrypted) connection to the server. Once connected, the client will send a command to tell the server it wants to switch to an encrypted (SSL) connection. The command here is “AUTH SSL”. When the client sends this command, the server response back saying it is ready to accept the encrypted connection. This is normally done on the standard FTP port, 21.

No matter what mode you use, the data connection is always encrypted.

Recommendation

We recommend that all customers use Explicit FTP with port 21. This is the standard and prefered method for FTP security. If your FTP client supports it (such as FileZilla or WinSCP), you may want to consider using SFTP (SSH File Transfer Protocol) with port 22.