Differences
This shows you the differences between the selected revisions of the page.
2024-02-15 | 2025-06-16 (current) | ||
6.3 stable released (martin) | side effect of enabling tls 1.0/1.1 (martin) | ||
Line 12: | Line 12: | ||
Using //Minimum// and //Maximum %%TLS%% version// selections, you can configure what versions of TLS is WinSCP allowed to use. | Using //Minimum// and //Maximum %%TLS%% version// selections, you can configure what versions of TLS is WinSCP allowed to use. | ||
- | The %%TLS%% 1.0 and 1.1 are disabled by default, to protect you from their known serious vulnerabilities. Enable them only, if the server does not support newer versions. You may want to restrict minimum %%TLS%% version further, in order to prevent WinSCP from using versions of %%TLS%% protocol that may become weak or insecure in the future. The insecure SSL protocol of any version is not supported. | + | The %%TLS%% 1.0 and 1.1 are disabled by default, to protect you from their known serious vulnerabilities. Enable them only, if the server does not support newer versions.((Enabling %%TLS%% 1.0 a 1.1 has an additional side effect of lowering OpenSSL security level. That allows use of insecure keys even with higher protocol versions.)) You may want to restrict minimum %%TLS%% version further, in order to prevent WinSCP from using versions of %%TLS%% protocol that may become weak or insecure in the future. The insecure SSL protocol of any version is not supported. |
You may want to restrict maximum %%TLS%% version, when there is an interoperability problem with your server. Particularly %%TLS%% 1.3 is new and some servers do not implement it correctly. | You may want to restrict maximum %%TLS%% version, when there is an interoperability problem with your server. Particularly %%TLS%% 1.3 is new and some servers do not implement it correctly. |
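Review bot: The footnote added on the "+" side reads "Enabling %%TLS%% 1.0 a 1.1", where "a" should be "or" (or "and"). More importantly, the side effect it describes is security-relevant and easy to miss in a footnote. A user who lowers the minimum version for one legacy server would not expect key strength to weaken "even with higher protocol versions". Consider moving the sentence into the main text, directly after "Enable them only, if the server does not support newer versions." It would also help to state which OpenSSL security level is in effect once TLS 1.0/1.1 is enabled and what "insecure keys" covers, so readers can judge the exposure.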