This is an old revision of the document!
TLS/SSL Page (Advanced Site Settings Dialog)
The TLS/SSL page on the Advanced Site Settings dialog allows you to configure options of TLS/SSL protocols for FTPS and WebDAVS.
Advertisement
To reveal this page you need to select FTP or WebDAV file protocol and enable Encryption on Login dialog.
Refer to documentation of page sections:
TLS/SSL Options
Using Minimum and Maximum TLS/SSL version selections, you can configure what versions of TLS/SSL is WinSCP allowed to use.
The SSL is disabled by default to protect you from its known serious vulnerabilities. Enable is only, if the server does not support TLS. You may want to restrict minimum TLS version further, in order to prevent WinSCP from using versions of TLS protocol that suffer form known vulnerabilities (currently TLS 1.0).
You may want to restrict maximum TLS/SSL version, when there is an interoperability problem with your FTPS/WebDAVS server. Particularly TLS 1.1 and TLS 1.2 are new and some servers do not implement them correctly.
Uncheck Reuse TLS/SSL session ID for data connections, when there is an interoperability problem with your FTPS server when reusing the TLS/SSL session ID. The option is available for FTP protocol only.
Authentication parameters
If the server requires an authentication with a client certificate, specify path to one in the Client certificate file box.
Supported client certificate file formats are:
- Personal Information Exchange - PCKS #12 (
.pfx
or.p12
); - Base64 encoded PEM X.509 (
.pem
or.key
), either:- containing both private key and the certificate;
- containing a private key only, with certificate in a separate file. The certificate needs to have the same base name as the private key, with
.crt
or.cer
extensions and be in the Base64 encoded PEM X.509 format.
Advertisement
Further Reading
Read more about Login dialog and Advanced Site Settings dialog.