Configure the FTP SSL Encryption Policy for the Control Channel and Data Channel
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
Configure a custom SSL encryption policy when you want to specify an SSL encryption policy for the control channel and data channel separately. For example, you might encrypt the control channel to avoid passing user credentials in cleartext. Or you might encrypt the data channel to protect sensitive information from being disclosed or changed.
To configure the SSL encryption policy for the control channel and data channel
Open IIS Manager.
In the Connections pane, select the server node.
In Features View, double-click FTP SSL Settings.
Under SSL Policy, select Custom and then click Advanced.
In the Advanced SSL Policy dialog box, under Control Channel select one of the following options for SSL encryption over the control channel:
Allow: Requires SSL encryption for all users, but gives the anonymous user identity the ability to establish a connection without encryption.
Require: Requires SSL encryption for all users, including the anonymous user identity.
Require only for credentials: Requires SSL encryption for all users, but does not allow the anonymous user identity to establish an encrypted connection.
Under Data Channel, select one of the following options for SSL encryption over the data channel:
Allow: When an encrypted connection is established, data transfer is encrypted but requests for metadata (using the DIR command) return a non-encrypted reply.
Require: Requires SSL encryption over the data channel.
Deny: Denies SSL encryption over the data channel.
Click OK.
In the Actions pane, click Apply.