This page (revision-23) was last changed on 21-Jan-2025 05:05 by Ben Spink

This page was created on 05-Dec-2023 05:32 by Ada Csaba

Difference between version and

At line 1 changed one line
On this page can issue an SSL cert and tweak SSL ciphers.
!SSL / TLS\\
If you already have a JKS, PFX, or PKCS12 keystore file, you do __not__ need to import this. This is a complete file and ready for CrushFTP to use. Just browse and choose this file, entering the password twice.\\
The top half of the page allows you to generate a new certificate by doing all 3 __Steps__ in order. [SSLCerts]\\
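Review bot: in "you do __not__ need to import this", the word "this" has no referent, and the following "This is a complete file" switches to meaning the keystore; name what does not need importing so an admin with an existing JKS, PFX, or PKCS12 file knows which steps to skip. The trailing [SSLCerts] link on the last line sits outside any sentence; fold it into the sentence about the 3 __Steps__ so the reader knows what it documents.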
At line 3 removed one line
\\
At line 6 changed one line
In the upper half of the page can issue a new cert by doing all 3 __Steps__ or apply an existing keystore, as per [SSL/SSLCerts|this] wiki.
The __Advanced__ section allows changing supported SSL cipher groups or enabling/disabling individual ciphers.\\
\\
CrushFTP supports SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2,TLSv1.3.\\
TLSv1.3 requires Java 17+. We recommend only using TLSv1.2 and TLS v1.3. (TLS session resumption for FTPS/FTPES is only supported by TLSv1.3 and Java 17+.)\\
\\
__TLS versions__ field defines the supported TLS versions the server ports will use: HTTPS, FTPS, FTPES.\\
\\
__TLS versions client__ field defines the supported TLS versions for all outbound __client__ connections. This includes SMTP, HTTPS (outbound), FTP(S)(ES) (outbound), etc connections globally throughout the application.\\
\\
__Require valid client certificate__ , this is a rare feature when a remote server or your server is enforcing client [client cert|client certificate] authentication SSL/TLS. This should be configured individually on the server port instead of globally.\\
\\
The __All insecure ciphers__ link will move all non 'A' rated ciphers into the __Disabled ciphers__ list, we update the strength policy by CrushFTP updates as new ciphers come into existence or vulnerabilities are discovered in existing ones.\\
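Review bot: the supported list (SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3) sits directly above the recommendation to use only TLSv1.2 and TLSv1.3, but the text never says that the recommendation is applied by editing the __TLS versions__ field; add that sentence, and spell "TLS v1.3" as "TLSv1.3" like the rest of the paragraph. In the __Require valid client certificate__ line, "client [client cert|client certificate] authentication" renders with "client" twice and the sentence opens with a stray " , "; the __All insecure ciphers__ line joins two sentences with a comma at "list, we update".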
Version | Date Modified | Size | Author
23 | 21-Jan-2025 05:05 | 1.643 kB | Ben Spink
22 | 21-Jan-2025 05:04 | 1.644 kB | Ben Spink
21 | 21-Jan-2025 05:03 | 1.697 kB | Ben Spink