This is an old revision of the document!
The TLS/SSL Page (Advanced Site Settings Dialog)
The TLS/SSL page on the Advanced Site Settings dialog allows you to configure options of TLS/SSL protocols for FTPS, WebDAVS and S3.
Advertisement
To reveal this page you need to select FTP or WebDAV file protocol and enable Encryption on Login dialog or select S3 protocol.
Refer to documentation of page sections:
TLS/SSL Options
Using Minimum and Maximum TLS/SSL version selections, you can configure what versions of TLS is WinSCP allowed to use.
The TLS 1.0 and 1.1 are disabled by default, in the latest beta version, to protect you from their known serious vulnerabilities. Enable them only, if the server does not support newer versions. You may want to restrict minimum TLS version further, in order to prevent WinSCP from using versions of TLS protocol that may become weak or insecure in the future. The latest beta version does not support insecure SSL protocol of any version.
You may want to restrict maximum TLS version, when there is an interoperability problem with your server. Particularly TLS 1.3 is new and some servers do not implement it correctly.
Uncheck Reuse TLS/SSL session ID for data connections, when there is an interoperability problem with your FTPS server when reusing the TLS session ID. The option is available for FTP protocol only.
Authentication parameters
If the server requires an authentication with a client certificate, specify a path to one in the Client certificate file box.
Advertisement
Further Reading
Read more about Login dialog and Advanced Site Settings dialog.