On this page can issue an SSL cert and tweak SSL ciphers.
\\
[{Image src='ssl_prefs1.jpg' width='1360' height='..' align='left' style='..' class='..' }]\\
\\
In the upper half of the page can issue a new cert by doing all 3 __Steps__ or apply an existing keystore, as per our [SSL Cert|SSLCerts] wiki.\\
\\
The __Advanced__ section allows changing supported SSL cipher groups or enable/disable individual ciphers.\\
\\
__TLS versions__ field defines the supported cipher groups for all SSL __server__ ports: HTTPS, WEBDAVS, FTPS, FTPES.\\
\\
__TLS versions client__ field defines the supported cipher groups for all __client__ mode: CrushTask task items, remote user VFS of HTTPS, WEBDAVS, FTPS, FTPES type, the AS2 protocol, SMTP relay connector.\\
\\
CrushFTP v10 supports SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2,TLSv1.3, while TLSv1.3 ciphers require Java 17+.\\
\\
__REMINDER:__ TLS session resumption for Implicit FTPS is only supported by TLSv1.3, when using this protocol either in client or server mode, need to tweak the cipher groups accordingly.\\
\\
__Require valid client certificate__ , usually never needs to be turned on, enforces client [client cert|client certificate] authentication for all SSL ports. Rather recommanded to use the appropriate settings on specific server listener items instead.\\
\\
The __All insecure ciphers__ link will move all non-A rated ciphers into the __Disabled ciphers__ list, we update the strength policy by CrushFTP updates as new ciphers come in existence or vulnerabilities are discovered in existing ones.\\