This is an old revision of the document!
Transport Layer Security
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communication security over the Internet. They use X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom they are communicating, and to exchange a symmetric key. This session key is then used to encrypt data flowing between the parties.1
TLS/SSL Server Certificates
Much like HTTPS, but unlike SSH, FTPS and WebDAVS servers must provide a public key certificate. This certificate must be signed by a certificate authority.
Advertisement
If it is not, WinSCP will generate a warning stating that the certificate is not valid. Whether or not to trust such certificate is your choice. If you are connecting within a company network, you might feel that all the network users are on the same side and spoofing attacks are unlikely, so you might choose to trust the certificate without checking it. If you are connecting across a hostile network (such as the Internet), you should check with your system administrator, perhaps by telephone or in person.
Learn also how to accept certificate automatically in script.
TLS/SSL Client Certificates
The FTPS and WebDAVS servers may optionally require user to authenticate with a client certificate.
The client certificate typically needs to be signed by a certificate authority trusted by the server.
Supported Cryptographic Protocols and Cipher Suites
WinSCP supports TLS 1.0 - 1.2 and SSL 3.0.
See list of supported cipher suites.
- The text is partially copied from Wikipedia article on Transport Layer Security. The text is licensed under GNU Free Documentation License.Back