The option
Require_Encrypted_Auth only works for explicit SSL, obviously. Since in implicit mode, the SSL negotiation occurs when connecting, whereas explicit only negotiates after "AUTH SSL/TLS". Simply put, there is no way to exclude a user/group/etc. from implicit SSL since all connections must be secure.
You could easily create a second FTP service without implicit SSL and restrict it only to that user.
Code:
[FTP_Service]
Type = FTP
Device_Name = Any
Port = 1234
Description = My FTP Service
User_Limit = 10
Allowed_Users = *
Messages = ..\text\ftp
### Encryption
Require_Encrypted_Auth = !*
Require_Encrypted_Data = !*
Certificate_Name = 192.168.1.10
Explicit_Encryption = True
Encryption_Protocol = TLS
Min_Cipher_Strength = 128
Max_Cipher_Strength = 256
[FTP_Service_Bot]
Type = FTP
Device_Name = Any
Port = 12345
Description = My FTP Service
User_Limit = 10
Allowed_Users = -sitebot
Messages = ..\text\ftp
[Network]
Active_Services = FTP_Service FTP_Service_Bot ...