FTP servers and their FTP over explicit SSL/TLS implementations

What was tested for servers supporting FTP over explicit SSL/TLS:
- SSL/TLS versions enabled by default.
- if the server responds to a SSL 2.0 compatible Client Hello by default(a TLS 1.0 one).
- if secure renegotiation is supported(not shown below if client side initiated renegotiation is enabled or if insecure renegotiation is supported).
- support for the TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) cipher suite by default.
- support for DHE-RSA based cipher suites(perfect forward secrecy support) by default.
- support for ECDHE-RSA based cipher suites(perfect forward secrecy support) by default.
- if an ADH cipher suite is enabled by default.
- if a NULL encryption cipher suite is enabled by default.

To get a list of popular FTP servers, the following Wikipedia page was used(some servers were not tested due to complexities in obtaining a trial version):
http://en.wikipedia.org/wiki/Comparison_of_FTP_server_software

Enabling FTP over explicit SSL/TLS was pretty straightforward an all tested servers.
All the tested FTP servers using a GUI for management have an option to generate a self-signed certificate, however, some, like freeFTPd, generated an MD5 self-signed certificate.

Mostly the tests were done on Windows XP SP3, Windows Server 2008 SP2, Windows Server 2008 R2 SP1, Ubuntu 10 and Red Hat Enterprise Linux Server 6.0.
The FTP servers tested on Linux: vsftpd, ProFTPD and Pure-FTPd, were the versions shipped with Ubuntu 10 and/or Red Hat Enterprise Linux Server 6.0.
The rest of the servers were tested on Windows(some are supported on Windows only).

The tests were conducted primarily for the default configuration of the FTP over explicit SSL/TLS setups.
Some FTP servers have settings to tune SSL/TLS version or cipher suites enabled, but such settings were out of the scope of the tests.
Some FTP servers, like vsftpd, don’t really have a default configuration for FTP over explicit SSL/TLS.

Results
SSl 2.0 is still enabled by default on some servers.
SSL 3.0 is supported by all servers(and enabled by default, if a default config was provided).
TLS 1.0 is supported by all servers(and enabled by default, if a default config was provided).
Few servers enable support for TLS 1.1 by default.
IIS(7.5) on Windows Server 2008 R2 SP1 supports TLS 1.2 and TLS 1.1, but they are disabled by default.
It worth to mention that the FileZilla client supports TLS 1.2(enabled by default), but for some reasons within the signature_algorithms extension only specifies the RSA/SHA512 combo(combo disabled by default on Windows 2008 R2, anyway you need a specific certificate on the IIS FTP site for that to work).

All tested servers responded to a SSL 2.0 compatible Client Hello(a TLS 1.0 one).

Some servers support the secure renegotiation extension.

The TLS_RSA_WITH_AES_128_CBC_SHA cipher suite is supported by all tested servers, except vsftpd(either Ubuntu or Red Hat version); actually vsftpd acts a little weird, it seems to support only a 3DES based cipher suite and it replies with a SSL 2.0 Server Hello with no cipher suites list.

Some servers support perfect forward secrecy, most only using DHE(they lack ECC support), only IIS can make use of ECDHE.

With the zFTPServer a connection using an ADH cipher suite(RC4 based) was successfully established(default settings).

No servers with a NULL encryption cipher suite enabled by default were observed.

* the SSL 2.0 handshake completed but the connection was FIN-ed by the server.
** the server replied with a SSL 2.0 Server Hello with no cipher suites list.
*** disabled by default.