What is Port 990?

by Erik Mikac | Published on June 25, 2025

Quick Definition: Port 990 is used for FTPS (File Transfer Protocol Secure), which is an extension of FTP that adds support for TLS/SSL encryption. It ensures secure file transfers by encrypting both the command and data channels.

If you’ve ever configured a secure file transfer or sniffed network packets with Wireshark, you might have stumbled across Port 990. This port is a key player in the world of FTPS (File Transfer Protocol Secure) by encrypting both command and data channels for secure file transfers.

While ports like 21 (FTP) or 22 (SSH) get more attention, Port 990 is critical for secure transfer setups, particularly in legacy systems. In this article, we’ll explore Port 990, its uses, and how it compares to other protocols. Lastly, we'll look at key considerations for security and troubleshooting.

What is Port 990?

First, let's define a network port. A port is a logical endpoint for communication. There are 65,535 in all, and the Internet Assigned Numbers Authority (IANA) assigns them specific roles. 

Port 990 is the default port for the control channel in implicit FTPS. Basically, it handles commands and session negotiation and it works hand-in-hand with Port 989. As opposed to port 990, port 989 manages the data channel for actual file transfers.

FTPS is similar to FTP, but with SSL/TLS encryption. In implicit FTPS, encryption kicks in immediately upon connection. That said, it requires clients to establish a secure session from the get-go. Port 990 ensures that commands, such as login credentials or file transfer instructions, are encrypted. FTPS is essential for secure communication in environments like banking, healthcare, or defense.

Technical Details

• Protocol: TCP (SSL/TLS demands a reliable, connection-oriented protocol, so UDP isn’t used).

• Purpose: Port 989 manages the control channel for FTPS in implicit mode, encrypting commands and session details.

• Use Case: Secures exchanges in compliance-driven industries like finance or healthcare.

Port 990’s reliance on SSL/TLS makes it a cornerstone for organizations needing robust, encrypted file transfer protocols.

What is Port 990 Used For?

Port 990 is dedicated to the control channel in implicit FTPS. It handles tasks like authentication, command issuance, and session negotiation. Unlike Port 989, which transfers the actual file payloads, Port 990 ensures that the instructions guiding those transfers remain secure. This separation of duties keeps both control and data channels encrypted.

Common applications for port 990 include: 

• Secure File Transfers: Enterprises use FTPS with Port 990 to exchange sensitive data, such as financial records or patient information.

• Legacy Systems: Older managed file transfer (MFT) servers or applications rely on implicit FTPS for compatibility.

• Compliance-Driven Environments: Industries subject to PCI, HIPAA, or SOX regulations leverage Port 990 for encrypted command channels.

FTPS vs. FTP vs. SFTP

While Port 990 remains relevant for specific use cases, its usage has waned as newer protocols like SFTP gain traction. File transfer protocols can be confusing; let’s clarify how FTPS on Port 990 compares to its cousins, FTP and SFTP.

FTP (Ports 20/21)

• Unencrypted, leaving data vulnerable to eavesdropping.

• Uses Port 21 for commands and Port 20 for data.

• Suitable for non-sensitive transfers but insecure for modern needs.

FTPS (Ports 989/990)

• Encrypted with SSL/TLS, securing both control (Port 990) and data (Port 989) channels.

• Supports implicit mode (always encrypted) and explicit mode (encryption negotiated).

• Ideal for environments requiring SSL/TLS but complex to configure.

SFTP (Port 22)

• Runs over SSH, using a single port for both commands and data.

• Simpler and more firewall-friendly than FTPS.

• Not FTP-based; it’s a distinct protocol with broad modern adoption.

Those are the three most common transfer protocols. That said, FTPS on Port 990 offers strong encryption but is often overshadowed by SFTP’s simplicity and single-port design.

Security Considerations for Port 990

Port 990’s use of SSL/TLS makes it far more secure than plain FTP. Unfortunately, though, it’s not bulletproof. Try to keep the following in mind:

SSL/TLS Benefits

The benefits of this port include: 

• Confidentiality: Encrypts commands and credentials, preventing unauthorized access.

• Integrity: Ensures commands aren’t tampered with during transit.

• Authentication: Verifies server identity via TLS certificates, reducing man-in-the-middle risks.

Think of SSL/TLS as the CIA triad: Confidentiality, Integrity, and Authentication.

Potential Vulnerabilities

While Port 990 enhances security, poor configuration or outdated implementations can still leave your FTPS server exposed to risk. Here's what to keep in mind: 

• Misconfigured Certificates: Expired or untrusted certificates can disrupt connections or expose vulnerabilities.

• Port Exposure: Public-facing servers with Port 990 open may attract attackers scanning for FTPS weaknesses.

• Legacy Protocol Risks: Implicit FTPS is less flexible than explicit FTPS or SFTP, and older implementations may use outdated TLS versions.

Best Practices

Follow these best practices to reduce risk and ensure encrypted data stays protected during your FTPS implementation on Port 990.

• Use Trusted Certificates: Deploy valid SSL/TLS certificates from reputable Certificate Authorities (CAs).

• Restrict Port Access: Configure firewalls to allow Port 990 traffic only from trusted IP ranges.

• Update Software: Ensure FTPS servers and clients support modern TLS versions (e.g., TLS 1.3) and disable deprecated protocols like SSLv3.

• Monitor Traffic: Use intrusion detection systems to spot unusual activity on Port 990.

Troubleshooting Port 990

Issues with Port 990 often appear as connection failures, login issues, or TLS errors. Here are common problems and fixes:

• Firewall Blocks: Port 990 (or 989 for data) may be blocked, especially in passive or active FTPS modes.

• Certificate Errors: Expired or mismatched TLS certificates can prevent secure connections.

• TLS Handshake Failures: Incompatible TLS versions or cipher suites may disrupt session negotiation.

Troubleshooting Methodologies

If you do run into issues with port 990, these steps will help you locate the issue: 

• Check Port Status: Use netstat -tuln | grep 990 (Linux) or netstat -an | find "990" (Windows) to verify Port 990 is open.

• Test Connectivity: Run nc -zv <server-ip> 990 to confirm reachability.

• Inspect Traffic: Use Wireshark to capture FTPS traffic and diagnose TLS handshake issues.

• Review Logs: Check FTPS server logs (e.g., FileZilla Server or vsftpd) for errors related to Port 990.

• Validate Certificates: Ensure the server’s TLS certificate is valid and trusted by the client.

Port 990 FAQs

What’s the Difference Between Implicit and Explicit FTPS?

Implicit FTPS (Port 990) requires encryption from the start. On the other hand, explicit FTPS (Port 21) negotiates encryption via the STARTTLS command.

Is Port 990 Still Used?

Yes, but primarily in legacy systems or specific compliance-driven environments. SFTP and explicit FTPS are more common today.

Can I Use Port 21 with FTPS Instead?

Yes, explicit FTPS uses Port 21 with STARTTLS for encryption, but it’s distinct from implicit FTPS on Port 990.

Do You Have to Use Port 990 for FTPS?

No, FTPS can use other ports, but Port 990 is the default for implicit FTPS.

Does SFTP Use Port 990?

No, SFTP uses Port 22 over SSH and is unrelated to FTPS.

How Do I Check if Port 990 is Open?

Use tools like nc -zv <server-ip> 990 or telnet <server-ip> 990 to test connectivity.

Should I Block Port 990?

Only block it if you’re not using implicit FTPS. If FTPS is required, ensure Ports 990 (control) and 989 (data) are open and secured.

Final Thoughts

Port 990 is a vital cog in the machinery of implicit FTPS, securing the control channel for encrypted file transfer commands. Its role in legacy systems and compliance-driven environments really proves its importance. 

Remember, proper certificate configuration, modern TLS protocols, and tight firewall rules are critical. While FTPS on Port 990 is robust, SFTP’s simplicity and single-port design have made it the go-to for modern file transfers. If you’re managing a system that relies on Port 990, understanding its nuances ensures secure and reliable operations. For greenfield projects, however, consider SFTP to future-proof your setup.