Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Re: SSL 3.0 Vulnerability in our servers

I'm not sure what you mean by "block the ... connection externally"?

Anyway, WinSCP has SSL 3.0 disabled by default since 5.6.2.
In earlier versions you have to disable it manually in session settings:
https://winscp.net/eng/docs/ui_login_tls
Matthew.Warren

SSL 3.0 Vulnerability in our servers

As SSL 3.0 is a major vulnerability, could you please provide information on how to block the SSL 3.0 connection externally to WinScp? My client would like for the tool to only use a TLS 1.0, 1.1 and 1.2 connection.

We currently have both a TLS and SSL connection externally to the application, however, we need to remove the SSL 3.0 connection and only use TLS to remediate the vulnerability.

It is suspected that SSL 3.0 is disabled by default, but could you provide instruction on how to disbale SSL 3.0 manually?

Version of WinSCP: 5.5.6

Version of Microsoft Windows: Windows 2008 (64-bit)

Transfer Protocol: FTP

Thank you.

Matthew