!SSL / TLS\\
If you already have a JKS, PFX, or PKCS12 keystore file, you do __not__ need to import this.  This is a complete file and ready for CrushFTP to use.  Just browse and choose this file, entering the password twice.\\
The top half of the page allows you to generate a new certificate by doing all 3 __Steps__ in order. [SSLCerts]\\
\\
[{Image src='ssl_prefs1.jpg' width='1360' height='..' align='left' style='..' class='..' }]\\
\\
The __Advanced__ section allows changing supported SSL cipher groups or enabling/disabling individual ciphers.\\
\\
CrushFTP supports SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2,TLSv1.3.\\
TLSv1.3 requires Java 17+.  We recommend only using TLSv1.2 and TLS v1.3. (TLS session resumption for FTPS/FTPES is only supported by TLSv1.3 and Java 17+.)\\
\\
__TLS versions__ field defines the supported TLS versions the server ports will use: HTTPS, FTPS, FTPES.\\
\\
__TLS versions client__ field defines the supported TLS versions for all outbound __client__ connections.  This includes SMTP, HTTPS (outbound), FTP(S)(ES) (outbound), etc connections globally throughout the application.\\
\\
__Require valid client certificate__ , this is a rare feature when a remote server or your server is enforcing client [client cert|client certificate] authentication SSL/TLS.  This should be configured individually on the server port instead of globally.\\
\\
The __All insecure ciphers__ link will move all non 'A' rated ciphers into the __Disabled ciphers__ list, we update the strength policy by CrushFTP updates as new ciphers come into existence or vulnerabilities are discovered in existing ones.\\