Differences
This shows you the differences between the selected revisions of the page.
2020-12-02 | 2023-10-09 | ||
mention tls 1.3 (martin) | 6.2 Change: SSL (3.0) is no longer supported. TLS 1.0 and 1.1 are disabled by default, to match the OpenSSL 3 defaults (martin) | ||
Line 10: | Line 10: | ||
===== TLS/SSL Options ===== | ===== TLS/SSL Options ===== | ||
- | Using //Minimum// and //Maximum %%TLS/SSL%% version// selections, you can configure what versions of TLS/SSL is WinSCP allowed to use. | + | Using //Minimum// and //Maximum %%TLS/SSL%% version// selections, you can configure what versions of TLS is WinSCP allowed to use. |
- | The %%SSL%% is disabled by default to protect you from its known serious vulnerabilities. Enable is only, if the server does not support %%TLS%%. You may want to restrict minimum %%TLS%% version further, in order to prevent WinSCP from using versions of %%TLS%% protocol that suffer from known vulnerabilities (currently %%TLS%% 1.0). | + | The %%TLS%% 1.0 and 1.1 are disabled by default, //in the latest beta version,// &beta to protect you from their known serious vulnerabilities. Enable them only, if the server does not support newer versions. You may want to restrict minimum %%TLS%% version further, in order to prevent WinSCP from using versions of %%TLS%% protocol that may become weak or insecure in the future. //The latest beta version does not support insecure SSL protocol of any version.// &beta |
- | You may want to restrict maximum %%TLS/SSL%% version, when there is an interoperability problem with your server. Particularly %%TLS%% 1.2 and %%TLS%% 1.3 are new and some servers do not implement them correctly. | + | You may want to restrict maximum %%TLS%% version, when there is an interoperability problem with your server. Particularly %%TLS%% 1.3 is new and some servers do not implement it correctly. |
- | Uncheck //Reuse %%TLS/SSL%% session ID for data connections//, when there is an interoperability problem with your FTPS server when reusing the %%TLS/SSL%% session ID. The option is available for FTP protocol only. | + | Uncheck //Reuse %%TLS/SSL%% session ID for data connections//, when there is an interoperability problem with your FTPS server when reusing the %%TLS%% session ID. The option is available for FTP protocol only. |
===== [[authentication]] Authentication parameters ===== | ===== [[authentication]] Authentication parameters ===== |