TLS setting enables WinSCP to work with Windows IIS again

Advertisement

whereisaaron
Joined:
Posts:
2
Location:
Boston, MA

TLS setting enables WinSCP to work with Windows IIS again

Earlier this year a security update to Windows Server changed the way cipher negotiation for FTP with TLS works. The change was made for an HTTPS vulnerability, but it affected FTP TLS also.

After that, clients like WinSCP and Filezilla and clients that use the GNU SSL library stopped working with Windows Server IIS FTP+TLS. WinSCP will connect and display directory listings, but file transfers abort with the message:

"Copying files to remote side failed. The supplied message is incomplete. The signature was not verified."

Users have reported this problem but AFAIK the incompatibility is still not fixed. The client/library writers blame Microsoft for breaking TLS. Microsoft, as per normal with standards, either doesn't care or will take 5-10 years to get around to fix. A client workaround would be nice, but the Filezilla maintainer has had multiple tantrums over it in the forums :-(

The good news is WinSCP 5.2.4 beta enables a workaround. The new TLS/SSL site options let you set the maximum version to 'TLS 1.0', and this acts as a workaround for the problem. WinSCP can be used with Windows Server IIS for FTP + TLS again!!

This would be good to document somewhere.

Reply with quote

Advertisement

martin
Site Admin
martin avatar

Re: TLS setting enables WinSCP to work with Windows IIS again

I was testing this only to find that IIS does not support TLS 1.1 and TLS 1.2 by default. One has to enable this in registry (<invalid hyperlink removed by admin>). They probably know why they do not enable this by default...

Reply with quote

Advertisement

You can post new topics in this forum