Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

augusoft

Re: TLS 1.0 / Port 990 PCI scan failure

OK, so you are saying that as a client, it wouldn't be exposing port 990 - it is only using port 990 for external connections, therefore I have something else on the server unrelated to WinSCP that I need to find. Thanks for the clarification.

To find what was using the port, in a command prompt, ran "netstat -o -n -a | find "0.0:990". This returned a PID which I could look up in Task Manager Details tab. Found it was FileZilla server. Needed to edit the settings XML C:\Program Files (x86)\FileZilla Server\FileZilla Server.xml and change the value from 0 (TLS 1.0) to 1 (TLS 1.1) <Item name="Minimum TLS version" type="numeric">1</Item> (value 2 = TLS 1.2)
martin

Re: TLS 1.0 / Port 990 PCI scan failure

WinSCP is not a server. It's a client.
augusoft

TLS 1.0 / Port 990 PCI scan failure

We received a PCI failure on port 990 - that TLSv1 cipher suites were exposed and available. I have set the minimum TLS for the single WinSCP site to be 1.1, but the scan still fails. I am not aware of anything else on the server using port 990. Is there anywhere else I can disable TLS 1.0 in WinSCP? Does something have to be restarted for it to take effect? I don't see any WinSCP service in running services.