Documentation » Configuration » Login Dialog » Advanced » Connection »

The TLS/SSL Page (Advanced Site Settings Dialog)

The TLS/SSL page on the Advanced Site Settings dialog allows you to configure options of TLS/SSL protocols for FTPS, WebDAVS and S3.


To reveal this page you need to select FTP or WebDAV file protocol and enable Encryption on Login dialog or select S3 protocol.

Refer to documentation of page sections:

TLS/SSL Options

Using Minimum and Maximum TLS/SSL version selections, you can configure what versions of TLS/SSL is WinSCP allowed to use.

The SSL is disabled by default to protect you from its known serious vulnerabilities. Enable is only, if the server does not support TLS. You may want to restrict minimum TLS version further, in order to prevent WinSCP from using versions of TLS protocol that suffer from known vulnerabilities (currently TLS 1.0).

You may want to restrict maximum TLS/SSL version, when there is an interoperability problem with your server. Particularly TLS 1.2 and TLS 1.3 are new and some servers do not implement them correctly.

Uncheck Reuse TLS/SSL session ID for data connections, when there is an interoperability problem with your FTPS server when reusing the TLS/SSL session ID. The option is available for FTP protocol only.

Authentication parameters

If the server requires an authentication with a client certificate, specify a path to one in the Client certificate file box.

Further Reading

Read more about Login dialog and Advanced Site Settings dialog.


Last modified: by martin