Differences
This shows you the differences between the selected revisions of the page.
| ui_login_tls 2013-08-12 | ui_login_tls 2024-02-15 (current) | ||
| Line 1: | Line 1: | ||
| - | ====== TLS/SSL Page (Advanced Site Settings Dialog) ====== | + | ====== The TLS/SSL Page (Advanced Site Settings Dialog) ====== |
| - | The //TLS/SSL page// on the Advanced Site Settings allows you to configure options of TLS/SSL protocols for [[ftps|FTPS]]. | + | The //%%TLS/SSL%% page// on the [[ui_login_advanced|Advanced Site Settings dialog]] allows you to configure options of [[tls|TLS protocol]] for [[ftps|FTPS]], [[webdav|WebDAVS]] and [[s3|S3]]. |
| - | + | ||
| - | &beta_feature | + | |
| &screenshotpict(login_tls) | &screenshotpict(login_tls) | ||
| - | The page is available for [[ftps|FTPS protocol]] only. | + | To reveal this page you need to select FTP, WebDAV or S3 file protocol and enable //Encryption// on [[ui_login|Login dialog]]. |
| + | |||
| + | &toc_title_page_sections | ||
| + | |||
| + | ===== TLS Options ===== | ||
| + | |||
| + | Using //Minimum// and //Maximum %%TLS%% version// selections, you can configure what versions of TLS is WinSCP allowed to use. | ||
| + | |||
| + | The %%TLS%% 1.0 and 1.1 are disabled by default, to protect you from their known serious vulnerabilities. Enable them only, if the server does not support newer versions. You may want to restrict minimum %%TLS%% version further, in order to prevent WinSCP from using versions of %%TLS%% protocol that may become weak or insecure in the future. The insecure SSL protocol of any version is not supported. | ||
| + | |||
| + | You may want to restrict maximum %%TLS%% version, when there is an interoperability problem with your server. Particularly %%TLS%% 1.3 is new and some servers do not implement it correctly. | ||
| + | |||
| + | Uncheck //Reuse %%TLS%% session ID for data connections//, when there is an interoperability problem with your FTPS server when reusing the %%TLS%% session ID. The option is available for FTP protocol only. | ||
| - | ===== TLS/SSL Options ===== | + | ===== [[authentication]] Authentication parameters ===== |
| - | Using //Minimum// and //Maximum TLS/SSL version// selections, you can restrict what versions of TLS/SSL is WinSCP allowed to use. | + | If the server requires an authentication with [[tls#client_certificate|a client certificate]], specify a path to one in the //Client certificate file// box. |
| - | You may want to restrict minimum TLS/SSL version, particularly in order to prevent WinSCP from using old versions of TLS/SSL protocols that suffer form known vulnerabilities (SSL 2.0 in particular, but also SSL 3.0 and TLS 1.0). | ||
| - | You may want to restrict maximum TLS/SSL version, when there is an interoperability problem with your FTPS server. Particularly TLS 1.1 and TLS 1.2 are new and some servers to not implement them correctly. | + | ===== Further Reading ===== |
| + | Read more about [[ui_login|Login dialog]] and [[ui_login_advanced|Advanced Site Settings dialog]]. | ||