
Question

  • iperf3 reports 942Mbps
  • SFTP 1GB transfer at 94~100 MB/s
  • Explicit FTPS 1GB transfer at 19~23 MB/s
  • Both CPU and IO load are under 20% in htop

Nearly 99% of the posts I find on Google say that FTP - regardless of whether it is encrypted or not - will always be faster than SFTP, and I also find that reasonable.

I spent multiple days over the last few years configuring and scratching my head over why FTPS isn't using the full bandwidth, and eventually tried SFTP. Then I found out that it was 4x the speed, utilizing nearly the full bandwidth.

Is there any possible explanation or vsftpd config error that made FTPS slower than SFTP?

--

To clarify the intention again, I am totally fine using SFTP from now on. I'm exhausted and out of time to fiddle more with FTPS. SFTP works flawlessly for me so I'm not trying to use FTPS again.

I am just curious, as there must be a reason why the majority of tutorials and posts out there say FTPS is faster than SFTP, yet we're seeing the exact opposite here.


Configuration

Skipping detailed Server/Client HW info, as iperf3 & SFTP already proved that this isn't a Server/Client performance issue.

  • 1 Home Router with 2Gbit/s HW NAT

    • iptime a2003ns-mu (Uses RTL8197F)
  • vsftpd server behind router with 1G link speed

    • Debian 12.2.0-14
    • ASRock J4105m
    • vsftpd 3.0.3
  • client PC behind router at 1G link speed

    • Win11 Edu
    • FileZilla 3.66.4
  • Uses TLSv1.2 on FTP for outside connection


Situation

  • Accessing FTP server's files from local network

vsftpd config

# General
pam_service_name=vsftpd
utf8_filesystem=YES
dirmessage_enable=YES
xferlog_enable=YES

# Connectivity
listen=YES
listen_ipv6=NO
connect_from_port_20=YES

# Security
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022

# chroot
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
allow_writeable_chroot=YES

# Certs
rsa_cert_file=/etc/letsencrypt/live/[REDACTED]/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/[REDACTED]/privkey.pem

# Explicit SSL
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
allow_anon_ssl=NO
require_ssl_reuse=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=HIGH

# Passive mode
pasv_addr_resolve=YES
pasv_address=[REDACTED].com
pasv_enable=YES
pasv_min_port=12000
pasv_max_port=13000

# Preventing error using local address connection
pasv_promiscuous=yes

Speed data

[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec   113 MBytes   950 Mbits/sec    0    218 KBytes
[  5]   1.00-2.00   sec   112 MBytes   942 Mbits/sec    0    218 KBytes
[  5]   2.00-3.00   sec   112 MBytes   938 Mbits/sec    0    218 KBytes
[  5]   3.00-4.00   sec   112 MBytes   942 Mbits/sec    0    218 KBytes
[  5]   4.00-5.00   sec   112 MBytes   942 Mbits/sec    0    218 KBytes
[  5]   5.00-6.00   sec   112 MBytes   941 Mbits/sec    0    218 KBytes
[  5]   6.00-7.00   sec   113 MBytes   944 Mbits/sec    0    218 KBytes
[  5]   7.00-8.00   sec   112 MBytes   940 Mbits/sec    0    218 KBytes
[  5]   8.00-9.00   sec   112 MBytes   942 Mbits/sec    0    218 KBytes
[  5]   9.00-10.00  sec   112 MBytes   942 Mbits/sec    0    218 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  1.10 GBytes   942 Mbits/sec    0             sender
[  5]   0.00-10.00  sec  1.10 GBytes   941 Mbits/sec                  receiver

jupiterbjy
  • 113
  • 7

1 Answer

SFTP operates over a single, secure connection. It uses a secure channel (SSH) for both data and control information. This eliminates the need for separate data and control connections as in FTPS, which can result in reduced latency. FTPS, on the other hand, typically uses two separate channels for control (command) and data, which may introduce additional overhead.

SFTP relies on the SSH protocol, which provides strong encryption by default. The encryption algorithms used in SFTP are generally efficient and optimized for secure file transfers. FTPS, on the other hand, may use various encryption options, and the choice of encryption algorithms can impact performance. In some cases, less efficient algorithms might be chosen, slowing down data transfer speeds.


Try to increase the passive port range:

pasv_min_port=12000
pasv_max_port=13000

Modify the ssl_ciphers to include more secure and performant cipher suites:

ssl_ciphers=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384
Turdie
  • 2,945
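
As an added example (not part of the original question or answer), a small Python linter run over the TLS and passive-mode directives from the question's vsftpd config. It flags the explicitly set options that loosen the data channel, plus the broad `ssl_ciphers=HIGH` class that the answer suggests replacing with named suites. The function names and the AEAD-only cipher rule are assumptions of this example, and vsftpd's built-in defaults are not modelled.

```python
# Added example, not from the original post. Only options that are explicitly
# set are checked; vsftpd's built-in defaults are not modelled here.

# Constructed sample: TLS and passive-mode directives from the question.
SAMPLE_CONF = """\
# Explicit SSL
ssl_enable=YES
force_local_data_ssl=YES
require_ssl_reuse=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=HIGH
# Passive mode
pasv_promiscuous=yes
"""

def parse_conf(text):
    """Parse 'option=value' lines; '#' lines and blank lines are skipped."""
    opts = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        # vsftpd.conf(5): no spaces are allowed around '='.
        if not sep or key != key.strip() or value != value.strip():
            raise ValueError(f"line {lineno}: malformed directive {line!r}")
        opts[key] = value
    return opts

def flag(opts, key):
    """True/False for an explicitly set boolean, None when it is absent."""
    if key not in opts:
        return None
    # Assumption: boolean values are matched case-insensitively.
    return opts[key].upper() in ("YES", "TRUE", "1")

def audit(opts):
    """Return (option, reason) pairs for settings worth a second look."""
    out = [(k, "permits a legacy protocol version")
           for k in ("ssl_sslv2", "ssl_sslv3", "ssl_tlsv1") if flag(opts, k)]
    suites = opts.get("ssl_ciphers", "")
    if suites and not all("GCM" in s or "CHACHA20" in s for s in suites.split(":")):
        out.append(("ssl_ciphers", "cipher class or non-AEAD suite, not a pinned AEAD list"))
    if flag(opts, "require_ssl_reuse") is False:
        out.append(("require_ssl_reuse", "data connections need not reuse the control TLS session"))
    if flag(opts, "pasv_promiscuous"):
        out.append(("pasv_promiscuous", "data connection source IP is not checked"))
    return out
```

Calling `audit(parse_conf(SAMPLE_CONF))` returns the flagged options in the order they are checked; a config that uses the answer's two GCM suites no longer triggers the `ssl_ciphers` finding.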