Documentation » Configuration » Login Dialog » Advanced » Connection »

The TLS/SSL Page (Advanced Site Settings Dialog)

The TLS/SSL page on the Advanced Site Settings dialog allows you to configure options of TLS protocol for FTPS, WebDAVS and S3.


To reveal this page you need to select FTP, WebDAV or S3 file protocol and enable Encryption on Login dialog.

Refer to documentation of page sections:

TLS Options

Using Minimum and Maximum TLS version selections, you can configure what versions of TLS is WinSCP allowed to use.

The TLS 1.0 and 1.1 are disabled by default, to protect you from their known serious vulnerabilities. Enable them only, if the server does not support newer versions. You may want to restrict minimum TLS version further, in order to prevent WinSCP from using versions of TLS protocol that may become weak or insecure in the future. The insecure SSL protocol of any version is not supported.

You may want to restrict maximum TLS version, when there is an interoperability problem with your server. Particularly TLS 1.3 is new and some servers do not implement it correctly.

Uncheck Reuse TLS session ID for data connections, when there is an interoperability problem with your FTPS server when reusing the TLS session ID. The option is available for FTP protocol only.

Authentication parameters

If the server requires an authentication with a client certificate, specify a path to one in the Client certificate file box.


Further Reading

Read more about Login dialog and Advanced Site Settings dialog.

Last modified: by martin