Differences
This shows you the differences between the selected revisions of the page.
| ui_login_tls 2016-01-05 | ui_login_tls 2024-02-15 (current) | ||
| Line 1: | Line 1: | ||
| - | ====== TLS/SSL Page (Advanced Site Settings Dialog) ====== | + | ====== The TLS/SSL Page (Advanced Site Settings Dialog) ====== |
| - | The //%%TLS/SSL%% page// on the [[ui_login_advanced|Advanced Site Settings dialog]] allows you to configure options of [[tls|TLS/SSL protocols]] for [[ftps|FTPS]] and [[webdav|WebDAVS]]. | + | The //%%TLS/SSL%% page// on the [[ui_login_advanced|Advanced Site Settings dialog]] allows you to configure options of [[tls|TLS protocol]] for [[ftps|FTPS]], [[webdav|WebDAVS]] and [[s3|S3]]. |
| &screenshotpict(login_tls) | &screenshotpict(login_tls) | ||
| - | To reveal this page you need to select FTP or WebDAV file protocol and enable //Encryption// on [[ui_login|Login dialog]]. | + | To reveal this page you need to select FTP, WebDAV or S3 file protocol and enable //Encryption// on [[ui_login|Login dialog]]. |
| &toc_title_page_sections | &toc_title_page_sections | ||
| - | ===== TLS/SSL Options ===== | + | ===== TLS Options ===== |
| - | Using //Minimum// and //Maximum %%TLS/SSL%% version// selections, you can configure what versions of TLS/SSL is WinSCP allowed to use. | + | Using //Minimum// and //Maximum %%TLS%% version// selections, you can configure what versions of TLS is WinSCP allowed to use. |
| - | The %%SSL%% is disabled by default to protect you from its known serious vulnerabilities. Enable is only, if the server does not support %%TLS%%. You may want to restrict minimum %%TLS%% version further, in order to prevent WinSCP from using versions of %%TLS%% protocol that suffer form known vulnerabilities (currently %%TLS%% 1.0). | + | The %%TLS%% 1.0 and 1.1 are disabled by default, to protect you from their known serious vulnerabilities. Enable them only, if the server does not support newer versions. You may want to restrict minimum %%TLS%% version further, in order to prevent WinSCP from using versions of %%TLS%% protocol that may become weak or insecure in the future. The insecure SSL protocol of any version is not supported. |
| - | You may want to restrict maximum %%TLS/SSL%% version, when there is an interoperability problem with your FTPS/WebDAVS server. Particularly %%TLS%% 1.1 and %%TLS%% 1.2 are new and some servers do not implement them correctly. | + | You may want to restrict maximum %%TLS%% version, when there is an interoperability problem with your server. Particularly %%TLS%% 1.3 is new and some servers do not implement it correctly. |
| - | Uncheck //Reuse %%TLS/SSL%% session ID for data connections//, when there is an interoperability problem with your FTPS server when reusing the %%TLS/SSL%% session ID. The option is available for FTP protocol only. | + | Uncheck //Reuse %%TLS%% session ID for data connections//, when there is an interoperability problem with your FTPS server when reusing the %%TLS%% session ID. The option is available for FTP protocol only. |
| ===== [[authentication]] Authentication parameters ===== | ===== [[authentication]] Authentication parameters ===== | ||
| Line 22: | Line 22: | ||
| If the server requires an authentication with [[tls#client_certificate|a client certificate]], specify a path to one in the //Client certificate file// box. | If the server requires an authentication with [[tls#client_certificate|a client certificate]], specify a path to one in the //Client certificate file// box. | ||
| - | Supported client certificate file formats are: | ||
| - | |||
| - | * Personal Information Exchange - PCKS #12 (''.pfx'' or ''.p12''); | ||
| - | * Base64 encoded PEM X.509 (''.pem'' or ''.key''), either: | ||
| - | * containing both private key and the certificate; | ||
| - | * containing a private key only, with certificate in a separate file. The certificate needs to have the same base name as the private key, with ''.crt'' or ''.cer'' extensions and be in the Base64 encoded PEM X.509 format. | ||
| ===== Further Reading ===== | ===== Further Reading ===== | ||
| Read more about [[ui_login|Login dialog]] and [[ui_login_advanced|Advanced Site Settings dialog]]. | Read more about [[ui_login|Login dialog]] and [[ui_login_advanced|Advanced Site Settings dialog]]. | ||