SFTP vs FTPS vs HTTPS vs OpenPGP

[Sp00n]

This is an email from a client i am dealing with:

FTP over SSL is not

on our list of supported protocols. It's also our understanding that the FTP over SSL only encrypts the client login information on the initial port and not the data flow itself, as FTP is a two port process. Trying to get FTP over SSL is difficult to get working through a firewall because of the two-port (two-connection).

For these reasons, our standard protocol selection has been (in order):

1) SSH/SFTP - single connection data stream is secure, both the authentication and data stream are secure, can use public-key authentication, supported by all standard systems.

2) HTTPS - single connection data stream is secure, supported by all standard systems.

3) OpenPGP encryption with FTP - the data stream uses public-key encryption, authentication is not secure, supported by all standard systems.

Now we run an SSL server and this is the first time that anyone has come back to us saying that that isnt secure enough. I'm trying to get an understanding of the different protocols but i can only seem to find the same definition of FTPS posted on various different websites.

How can i tell if the connection is being encrypted on both protocol and data levels?

Would anyone be able to shed a little light on the matter?