Differences
This shows you the differences between the selected revisions of the page.
2016-01-06 | 2017-12-21 | ||
moving list of supported client certificate formats to tls (martin) | 5.12 Bug 572 Amazon S3 protocol support. (martin) | ||
Line 1: | Line 1: | ||
====== TLS/SSL Page (Advanced Site Settings Dialog) ====== | ====== TLS/SSL Page (Advanced Site Settings Dialog) ====== | ||
- | The //%%TLS/SSL%% page// on the [[ui_login_advanced|Advanced Site Settings dialog]] allows you to configure options of [[tls|TLS/SSL protocols]] for [[ftps|FTPS]] and [[webdav|WebDAVS]]. | + | The //%%TLS/SSL%% page// on the [[ui_login_advanced|Advanced Site Settings dialog]] allows you to configure options of [[tls|TLS/SSL protocols]] for [[ftps|FTPS]], [[webdav|WebDAVS]] and [[s3|S3]]. |
&screenshotpict(login_tls) | &screenshotpict(login_tls) | ||
- | To reveal this page you need to select FTP or WebDAV file protocol and enable //Encryption// on [[ui_login|Login dialog]]. | + | To reveal this page you need to select FTP or WebDAV file protocol and enable //Encryption// on [[ui_login|Login dialog]] or select S3 protocol. |
&toc_title_page_sections | &toc_title_page_sections | ||
Line 14: | Line 14: | ||
The %%SSL%% is disabled by default to protect you from its known serious vulnerabilities. Enable is only, if the server does not support %%TLS%%. You may want to restrict minimum %%TLS%% version further, in order to prevent WinSCP from using versions of %%TLS%% protocol that suffer form known vulnerabilities (currently %%TLS%% 1.0). | The %%SSL%% is disabled by default to protect you from its known serious vulnerabilities. Enable is only, if the server does not support %%TLS%%. You may want to restrict minimum %%TLS%% version further, in order to prevent WinSCP from using versions of %%TLS%% protocol that suffer form known vulnerabilities (currently %%TLS%% 1.0). | ||
- | You may want to restrict maximum %%TLS/SSL%% version, when there is an interoperability problem with your FTPS/WebDAVS server. Particularly %%TLS%% 1.1 and %%TLS%% 1.2 are new and some servers do not implement them correctly. | + | You may want to restrict maximum %%TLS/SSL%% version, when there is an interoperability problem with your server. Particularly %%TLS%% 1.1 and %%TLS%% 1.2 are new and some servers do not implement them correctly. |
Uncheck //Reuse %%TLS/SSL%% session ID for data connections//, when there is an interoperability problem with your FTPS server when reusing the %%TLS/SSL%% session ID. The option is available for FTP protocol only. | Uncheck //Reuse %%TLS/SSL%% session ID for data connections//, when there is an interoperability problem with your FTPS server when reusing the %%TLS/SSL%% session ID. The option is available for FTP protocol only. |