Explicit FTPS (FTP over TLS) requires a normal, non-encrypted connection be made, then the command "AUTH TLS" to invoke the encryption handshake.
Because that doesn't happen until after the connection is made, this test doesn't locate it. It's probably ridiculous to ask this to try and make a connection and send the command on every port it finds, but how about trying it on the standard FTP port? It won't help in discovery of unauthorized ports, but at least it could be used to test the port you know you set the server on. (Possibility of including a second list of excluded ports, being the ports -- or port ranges -- not to look for Explicit FTPS on, occurred to me, but seems like it might be one toke over the line.)
Explicit FTPS (FTP over TLS) requires a normal, non-encrypted connection be made, then the command "AUTH TLS" to invoke the encryption handshake.
Because that doesn't happen until after the connection is made, this test doesn't locate it. It's probably ridiculous to ask this to try and make a connection and send the command on every port it finds, but how about trying it on the standard FTP port? It won't help in discovery of unauthorized ports, but at least it could be used to test the port you know you set the server on. (Possibility of including a second list of excluded ports, being the ports -- or port ranges -- not to look for Explicit FTPS on, occurred to me, but seems like it might be one toke over the line.)