Differences
This shows you the differences between the selected revisions of the page.
| 2014-10-02 | 2014-10-16 | ||
| toc title page sections (martin) | 5.5.6: ssl 2.0/3.0 disabled by default (martin) | ||
| Line 10: | Line 10: | ||
| ===== TLS/SSL Options ===== | ===== TLS/SSL Options ===== | ||
| - | Using //Minimum// and //Maximum TLS/SSL version// selections, you can restrict what versions of TLS/SSL is WinSCP allowed to use. | + | Using //Minimum// and //Maximum TLS/SSL version// selections, you can configure what versions of TLS/SSL is WinSCP allowed to use. |
| - | You may want to restrict minimum TLS/SSL version, particularly in order to prevent WinSCP from using old versions of TLS/SSL protocols that suffer form known vulnerabilities (SSL 2.0 in particular, but also SSL 3.0 and TLS 1.0).· | + | SSL (2.0 and 3.0) is disabled by default to protect you from their known serious vulnerabilities. Enable them only, if the server does not support TLS. You may want to restrict minimum TLS version further, in order to prevent WinSCP from using versions of TLS protocol that suffer form known vulnerabilities (currently TLS 1.0). |
| You may want to restrict maximum TLS/SSL version, when there is an interoperability problem with your FTPS/WebDAVS server. Particularly TLS 1.1 and TLS 1.2 are new and some servers do not implement them correctly. | You may want to restrict maximum TLS/SSL version, when there is an interoperability problem with your FTPS/WebDAVS server. Particularly TLS 1.1 and TLS 1.2 are new and some servers do not implement them correctly. | ||