The HEASARC Transition from FTP to FTPS

As part of a general Federal policy that requires all network communications to be encrypted, the HEASARC has phased out access to unencrypted HEASARC FTP. FTP access was disabled as of September 20, 2019.

The HEASARC will still support TLS-encrypted FTP, aka, FTPS. Note that FTPS should not be confused with SFTP, which, despite its similar name, is not related to traditional FTP. Specifically the HEASARC will support explicit, passive-mode FTPS connections. Implicit FTPS is not supported, nor is active mode FTP.

Implications of This Transition for the User


Most web browsers (Chrome, Firefox, etc) do not support FTPS; however, users should normally be able to replace FTP URLs with HTTPS-based URLs, e.g., ->

Note that for the HEASARC you must specify the additional FTP directory when transforming an FTP URL to HTTPS. Thus, if you have been browsing the HEASARC archive directly by entering FTP URLs into a browser, you will need to specify the version after the changeover.


Existing scripts are likely to require some modification to handle FTPS. In some cases, the change to HTTPS URLs noted above might be all that is needed -- i.e., just switch to the secure HTTP protocol. If that is not feasible or desirable, many tools (e.g., CURL and recent versions of WGET) support FTPS, but generally these require that the user specify specific arguments to initiate an SSL-based session. Scripts using WGET or CURL with HEASARC FTP URLs will likely need to be modified to specify that an SSL session is to be used. Note that the URL that is used with WGET or CURL will usually still be specified as even after the transition to FTPS. A very nice list of FTPS supporting tools and clients is available at the Space Physics Data Facility's (SPDF) FTPS transition page .


The HEASARC has updated the CFITSIO library so that it will transparently handle both FTP and FTPS in versions of HEASoft 6.26 and greater (released May 21, 2019). When the updated library is given an FTP URL, it will first attempt one protocol and if that fails will attempt the other. In principle, FTOOLS linked with the updated library -- and scripts that use them -- should not need to be changed because of the transition.

What You Can Do

We strongly urge users to check for any FTP dependencies in their scripts and processes that access the HEASARC. You can update WGET/Curl style scripts immediately.
E.g., you can try the command
   curl --ftp-ssl -o sv.fits.Z
to retrieve a particular ROSAT image. You should be able to check whether the FTPS software you plan to use is compatible with the HEASARC's installation. WGET added support for FTPS in version 1.17 and has an --ftps-implicit argument to tell the command to use FTPS. You can check your version of WGET with 'wget --version'.

If you have questions or encounter problems, please use the HEASARC's Feedback form to let us know.

HEASARC Home | Observatories | Archive | Calibration | Software | Tools | Students/Teachers/Public

Last modified: Wednesday, 20-Oct-2021 12:43:44 EDT