Differences
This shows you the differences between the selected revisions of the page.
| ui_login_tls 2025-06-16 | ui_login_tls 2026-06-03 (current) | ||
| Line 12: | Line 12: | ||
| Using //Minimum// and //Maximum %%TLS%% version// selections, you can configure what versions of TLS is WinSCP allowed to use. | Using //Minimum// and //Maximum %%TLS%% version// selections, you can configure what versions of TLS is WinSCP allowed to use. | ||
| - | The %%TLS%% 1.0 and 1.1 are disabled by default, to protect you from their known serious vulnerabilities. Enable them only, if the server does not support newer versions.((Enabling %%TLS%% 1.0 a 1.1 has an additional side effect of lowering OpenSSL security level. That allows use of insecure keys even with higher protocol versions.)) You may want to restrict minimum %%TLS%% version further, in order to prevent WinSCP from using versions of %%TLS%% protocol that may become weak or insecure in the future. The insecure SSL protocol of any version is not supported. | + | The %%TLS%% 1.0 and 1.1 are disabled by default, to protect you from their known serious vulnerabilities. Enable them only, if the server does not support newer versions.((Enabling %%TLS%% 1.0 a 1.1 has an additional side effect of lowering OpenSSL ==security level==. That allows use of insecure keys even with higher protocol versions.)) You may want to restrict minimum %%TLS%% version further, in order to prevent WinSCP from using versions of %%TLS%% protocol that may become weak or insecure in the future. The insecure SSL protocol of any version is not supported. |
| You may want to restrict maximum %%TLS%% version, when there is an interoperability problem with your server. Particularly %%TLS%% 1.3 is new and some servers do not implement it correctly. | You may want to restrict maximum %%TLS%% version, when there is an interoperability problem with your server. Particularly %%TLS%% 1.3 is new and some servers do not implement it correctly. | ||