Topic "SSL 3.0 Vulnerability in our servers"

Author Message
Matthew.Warren

Guest


As SSL 3.0 is a major vulnerability, could you please provide information on how to block the SSL 3.0 connection externally to WinScp? My client would like for the tool to only use a TLS 1.0, 1.1 and 1.2 connection.

We currently have both a TLS and SSL connection externally to the application, however, we need to remove the SSL 3.0 connection and only use TLS to remediate the vulnerability.

It is suspected that SSL 3.0 is disabled by default, but could you provide instruction on how to disbale SSL 3.0 manually?

Version of WinSCP: 5.5.6

Version of Microsoft Windows: Windows 2008 (64-bit)

Transfer Protocol: FTP

Thank you.

Matthew
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
I'm not sure what you mean by "block the ... connection externally"?

Anyway, WinSCP has SSL 3.0 disabled by default since 5.6.2.
In earlier versions you have to disable it manually in session settings:
https://winscp.net/eng/docs/ui_login_tls
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License