Differences
This shows you the differences between the selected revisions of the page.
| ui_login_tls 2013-12-20 | ui_login_tls 2024-02-15 (current) | ||
| Line 1: | Line 1: | ||
| - | ====== TLS/SSL Page (Advanced Site Settings Dialog) ====== | + | ====== The TLS/SSL Page (Advanced Site Settings Dialog) ====== |
| - | The //TLS/SSL page// on the [[ui_login_advanced|Advanced Site Settings dialog]] allows you to configure options of TLS/SSL protocols for [[ftps|FTPS]]. | + | The //%%TLS/SSL%% page// on the [[ui_login_advanced|Advanced Site Settings dialog]] allows you to configure options of [[tls|TLS protocol]] for [[ftps|FTPS]], [[webdav|WebDAVS]] and [[s3|S3]]. |
| &screenshotpict(login_tls) | &screenshotpict(login_tls) | ||
| - | To reveal this page you need to select FTP file protocol and enable //Encryption// on [[ui_login|Login dialog]]. | + | To reveal this page you need to select FTP, WebDAV or S3 file protocol and enable //Encryption// on [[ui_login|Login dialog]]. |
| - | ===== TLS/SSL Options ===== | + | &toc_title_page_sections |
| - | Using //Minimum// and //Maximum TLS/SSL version// selections, you can restrict what versions of TLS/SSL is WinSCP allowed to use. | + | ===== TLS Options ===== |
| - | You may want to restrict minimum TLS/SSL version, particularly in order to prevent WinSCP from using old versions of TLS/SSL protocols that suffer form known vulnerabilities (SSL 2.0 in particular, but also SSL 3.0 and TLS 1.0). | + | Using //Minimum// and //Maximum %%TLS%% version// selections, you can configure what versions of TLS is WinSCP allowed to use. |
| - | You may want to restrict maximum TLS/SSL version, when there is an interoperability problem with your FTPS server. Particularly TLS 1.1 and TLS 1.2 are new and some servers to not implement them correctly. | + | The %%TLS%% 1.0 and 1.1 are disabled by default, to protect you from their known serious vulnerabilities. Enable them only, if the server does not support newer versions. You may want to restrict minimum %%TLS%% version further, in order to prevent WinSCP from using versions of %%TLS%% protocol that may become weak or insecure in the future. The insecure SSL protocol of any version is not supported. |
| + | |||
| + | You may want to restrict maximum %%TLS%% version, when there is an interoperability problem with your server. Particularly %%TLS%% 1.3 is new and some servers do not implement it correctly. | ||
| + | |||
| + | Uncheck //Reuse %%TLS%% session ID for data connections//, when there is an interoperability problem with your FTPS server when reusing the %%TLS%% session ID. The option is available for FTP protocol only. | ||
| + | |||
| + | ===== [[authentication]] Authentication parameters ===== | ||
| + | |||
| + | If the server requires an authentication with [[tls#client_certificate|a client certificate]], specify a path to one in the //Client certificate file// box. | ||
| - | Uncheck //Reuse TLS/SSL session ID for data connections//, when there is an interoperability problem with your FTPS server when reusing the TLS/SSL session ID. | ||
| ===== Further Reading ===== | ===== Further Reading ===== | ||
| Read more about [[ui_login|Login dialog]] and [[ui_login_advanced|Advanced Site Settings dialog]]. | Read more about [[ui_login|Login dialog]] and [[ui_login_advanced|Advanced Site Settings dialog]]. | ||