Chapter 4: Application Transparent - TLS > Restrictions - Pg. 134

Note: With the current native SSL/TLS support in FTP, an application can negotiate the use of SSL/TLS using an FTP protocol exchange known as the AUTH command. Because FTP is not yet enabled to be an AT-TLS controlling application, in order to use AT-TLS to secure FTP file transfers (rather than just using the current native SSL/TLS support), you would need to use implicit SSL/TLS. With implicit SSL/TLS, the fact that SSL/TLS is used is hidden from the FTP application and a specific port (TCP port 990) must be used. The use of TCP port 990 "implicitly" requires the use of SSL/TLS encryption. Use of application-negotiated SSL/TLS is recommended by the IETF over the use of implicit SSL/TLS; however, implicit SSL/TLS might provide an acceptable tactical solution in your environment, allowing you to try to standardize on a single consistent encryption solution.

4.4 Restrictions

The following applications will not map to AT-TLS policies and are not supported by AT-TLS:

- Applications using the Pascal API to access TCP/IP
  - Line Print daemon and commands LPD, LPQ, LPRM
  - Simple Mail Transfer Protocol (JES Spool Server)
  - TSO Telnet client
- Web servers using Fast Response Cache Accelerator
- Network administration applications permitted to the EZB.INITSTACK RACF profile
  - Connections established and mapped prior to the installation of the AT-TLS policy will proceed in clear text.
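The difference between implicit SSL/TLS on port 990 and AUTH-negotiated SSL/TLS, and the clear-text case named in the last restriction, is visible in the first bytes of the control connection. The following is an added example, not code from the book: it classifies captured connection openings and reports flows that do not match an assumed site policy (the EXPECTED table, the function names and all sample bytes are constructed for illustration).

```python
# Added example: classify the first bytes of an FTP control connection.
TLS_HANDSHAKE = 0x16  # TLS record content type for handshake messages

def is_tls_record(data: bytes) -> bool:
    """True if data begins with an SSL 3.0 / TLS handshake record header."""
    return (len(data) >= 3 and data[0] == TLS_HANDSHAKE
            and data[1] == 0x03 and data[2] <= 0x04)

def classify(client: bytes, server: bytes) -> str:
    """client/server: bytes each side sent, in order, from the start of the connection."""
    if is_tls_record(client):
        return "implicit-tls"          # ClientHello is the very first thing sent
    if not server.startswith(b"220"):
        return "unknown"               # no FTP greeting either
    rest = client
    while b"\r\n" in rest:
        line, rest = rest.split(b"\r\n", 1)
        verb = line.upper()
        if verb.startswith((b"AUTH TLS", b"AUTH SSL")):
            accepted = b"\r\n234 " in server   # reply 234: server accepted AUTH
            return "explicit-tls" if accepted and is_tls_record(rest) else "cleartext"
        if verb.startswith((b"USER", b"PASS")):
            return "cleartext"         # login sent before any TLS negotiation
    return "unknown"                   # nothing decisive seen yet

# Assumed site policy (not from the book): what each port is expected to carry.
EXPECTED = {990: "implicit-tls", 21: "explicit-tls"}

def audit(flows):
    """Return (port, verdict) for every flow that differs from EXPECTED."""
    findings = []
    for port, client, server in flows:
        verdict = classify(client, server)
        if EXPECTED.get(port) != verdict:
            findings.append((port, verdict))
    return findings

# Constructed sample data: truncated hello records, only the header is inspected.
CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x04]) + b"\x01\x00\x00\x00"
SERVER_HELLO = bytes([0x16, 0x03, 0x03, 0x00, 0x04]) + b"\x02\x00\x00\x00"
FLOWS = [
    (990, CLIENT_HELLO, SERVER_HELLO),
    (21, b"AUTH TLS\r\n" + CLIENT_HELLO, b"220 ready\r\n234 proceed\r\n" + SERVER_HELLO),
    (990, b"USER alice\r\nPASS example\r\n", b"220 ready\r\n331 need password\r\n"),
]

if __name__ == "__main__":
    for port, verdict in audit(FLOWS):
        print(f"port {port}: expected {EXPECTED.get(port)}, saw {verdict}")
```

The third constructed flow is the case to look for after installing a policy: a port 990 connection that carries a login in clear text.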