Differences
This shows you the differences between the selected revisions of the page.
| ui_login_tls 2020-12-02 | ui_login_tls 2024-02-15 (current) | ||
| Line 1: | Line 1: | ||
| ====== The TLS/SSL Page (Advanced Site Settings Dialog) ====== | ====== The TLS/SSL Page (Advanced Site Settings Dialog) ====== | ||
| - | The //%%TLS/SSL%% page// on the [[ui_login_advanced|Advanced Site Settings dialog]] allows you to configure options of [[tls|TLS/SSL protocols]] for [[ftps|FTPS]], [[webdav|WebDAVS]] and [[s3|S3]]. | + | The //%%TLS/SSL%% page// on the [[ui_login_advanced|Advanced Site Settings dialog]] allows you to configure options of [[tls|TLS protocol]] for [[ftps|FTPS]], [[webdav|WebDAVS]] and [[s3|S3]]. |
| &screenshotpict(login_tls) | &screenshotpict(login_tls) | ||
| - | To reveal this page you need to select FTP or WebDAV file protocol and enable //Encryption// on [[ui_login|Login dialog]] or select S3 protocol. | + | To reveal this page you need to select FTP, WebDAV or S3 file protocol and enable //Encryption// on [[ui_login|Login dialog]]. |
| &toc_title_page_sections | &toc_title_page_sections | ||
| - | ===== TLS/SSL Options ===== | + | ===== TLS Options ===== |
| - | Using //Minimum// and //Maximum %%TLS/SSL%% version// selections, you can configure what versions of TLS/SSL is WinSCP allowed to use. | + | Using //Minimum// and //Maximum %%TLS%% version// selections, you can configure what versions of TLS is WinSCP allowed to use. |
| - | The %%SSL%% is disabled by default to protect you from its known serious vulnerabilities. Enable is only, if the server does not support %%TLS%%. You may want to restrict minimum %%TLS%% version further, in order to prevent WinSCP from using versions of %%TLS%% protocol that suffer from known vulnerabilities (currently %%TLS%% 1.0). | + | The %%TLS%% 1.0 and 1.1 are disabled by default, to protect you from their known serious vulnerabilities. Enable them only, if the server does not support newer versions. You may want to restrict minimum %%TLS%% version further, in order to prevent WinSCP from using versions of %%TLS%% protocol that may become weak or insecure in the future. The insecure SSL protocol of any version is not supported. |
| - | You may want to restrict maximum %%TLS/SSL%% version, when there is an interoperability problem with your server. Particularly %%TLS%% 1.1 and %%TLS%% 1.2 are new and some servers do not implement them correctly. | + | You may want to restrict maximum %%TLS%% version, when there is an interoperability problem with your server. Particularly %%TLS%% 1.3 is new and some servers do not implement it correctly. |
| - | Uncheck //Reuse %%TLS/SSL%% session ID for data connections//, when there is an interoperability problem with your FTPS server when reusing the %%TLS/SSL%% session ID. The option is available for FTP protocol only. | + | Uncheck //Reuse %%TLS%% session ID for data connections//, when there is an interoperability problem with your FTPS server when reusing the %%TLS%% session ID. The option is available for FTP protocol only. |
| ===== [[authentication]] Authentication parameters ===== | ===== [[authentication]] Authentication parameters ===== | ||