You are confusing SFTP and FTPS there.

So please tell me what is the difference between FTP and SFTP.

But before we start to discuss that point lets at least agree SFTP is some sort of FTP protocol over SSL?

It's not, SFTP is a binary protocol using SSH as transport layer. FTPS is plain old FTP over SSL/TLS. They're completely different protocols that have nothing in common except being used to transfer files.

Who knows if this link is accurate:

https://en.wikipedia.org/wiki/File_Transfer_Protocol

But it says:

SSH File Transfer Protocol

The SSH file transfer protocol (chronologically the second of the two protocols abbreviated SFTP) transfers files and has a similar command set for users, but uses the Secure Shell protocol (SSH) to transfer files. Unlike FTP, it encrypts both commands and data, preventing passwords and sensitive information from being transmitted openly over the network. It cannot interoperate with FTP software.

This suggestion this term chronologically the second of the two protocols abbreviated SFTP is duplicitous.

FTPS is a protocol (FTP) running through an SSL socket. SFTP is totally different and based on SSH.

If you look at my post I did not say SSH I said SSL.

EDIT: I think you will find FTPS is based on TSL not SSL. TSL is an alternative to SSL.

Well regarding "TSL" I'm sure you mean TLS, and it's not just an alternative to SSL, it's an evolution to SSL. SSL nowadays is considered insecure and everything is using TLS.

About the SFTP vs FTPS, SFTP is a completely new protocol based on SSH. FTPS is the plain old FTP wrapped in a TLS/SSL socket.

> Well regarding "TSL" I'm sure you mean TLS

that is correct. That was my typo :(

> SFTP is a completely new protocol based on SSH.

If that is the case please explain the following scenario.

I wrote an editor that had FTP capabilities but it was based on the FTP RFC 913 specification using nothing but plain old sockets.

As a result, many user loved the FTP feature, but they asked for a version that would work over the SFTP protocol.

So I implemented an SFTP version of that editor by using OpenSLL to create a SSL socket. The editor just created a secure socket, but used the exact same FTP RFC 913 specification to talk to the server using that socket.

Ever user who asked for this change reported that it now worked perfectly with their SFTP (not TLS) server.

So how is that possible that my editor could implement the SFTP protocol with just a change to the way the socket was opened?

PS: If you don't believe me, you can trial that exact same SFTP (OpenSSL) editor from the link below and I'm pretty sure you'll find it still works with an SFTP server: http://www.zeusedit.com/download.html

Maybe your customer mistook their SFTP server for an FTPS server? I'm afraid I don't have a Windows machine to test your software on, but if you're curious I encourage you to set up an SSH server like OpenSSH (which provides SFTP as well) and try with that. I'd be really surprised if your FTPS implementation managed to work with it (unless OpenSSH's SFTP implements an FTPS fallback).