Differences
This shows you the differences between the selected revisions of the page.
| tls 2016-01-05 | tls 2024-02-15 (current) | ||
| Line 13: | Line 13: | ||
| The client certificate typically needs to be signed by a certificate authority trusted by the server. | The client certificate typically needs to be signed by a certificate authority trusted by the server. | ||
| + | |||
| + | Supported client certificate file formats are: | ||
| + | |||
| + | * Personal Information Exchange -- PCKS #12 (''.pfx'' or ''.p12''); | ||
| + | * Base64 encoded PEM X.509 (''.pem'' or ''.key''), either: | ||
| + | * containing both private key and the certificate; | ||
| + | * containing a private key only, with certificate in a separate file. The certificate needs to have the same base name as the private key, with ''.crt'' or ''.cer'' extensions and be in the Base64 encoded PEM X.509 format or binary DER format. | ||
| ===== Supported Cryptographic Protocols and Cipher Suites ===== | ===== Supported Cryptographic Protocols and Cipher Suites ===== | ||
| - | WinSCP supports %%TLS%% 1.0·-·1.2 and %%SSL%% 3.0. | + | WinSCP supports %%TLS%% 1.0--1.3. The %%TLS%% 1.0 and 1.1 are disabled by default, to protect you from their known serious vulnerabilities. Obsolete %%SSL%% of any version is not supported. |
| See list of [[tls_ciphersuites|supported cipher suites]]. | See list of [[tls_ciphersuites|supported cipher suites]]. | ||