FTP over SSL (Explicit)
Explicit security requires that the FTP client issues a specific command to the FTP server after establishing a connection to establish the SSL link. In explicit SSL (or in TLS) the FTP client needs to send an explicit command ( i.e. “AUTH SSL” or “AUTH TLS”) to FTP server to initiate a secure control connection. The default FTP server port is used. This formal method is documented in RFC 2228.
FTP over SSL (Implicit)
Implicit security is a mechanism by which security is automatically turned on as soon as the FTP client makes a connection to an FTP server. In this case, the FTP server defines a specific port for the client (990) to be used for secure connections.