This is version 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

On this page can issue an SSL cert and tweak SSL ciphers.

In the upper half of the page can issue a new cert by doing all 3 Steps or apply an existing keystore, as per this wiki.
The Advanced section allows changing supported SSL cipher groups or tweak individual ciphers.

TLS versions field defines the supported cipher groups for all SSL server ports: HTTPS, WEBDAVS, FTPS, FTPES.

TLS versions client field defines the supported cipher groups for all client mode: CrushTask task items, remote user VFS of HTTPS, WEBDAVS, FTPS, FTPES type, the AS2 protocol, SMTP relay connector.

CrushFTP v10 supports SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2,TLSv1.3, while TLSv1.3 ciphers require Java 17+.

REMINDER: TLS session resumption for Implicit FTPS is only supported by TLSv1.3, when using this protocol either in client or server mode, need to tweak the cipher groups accordingly.


Require valid client certificate , usually never need to turn it on, enforces client client cert authentication for all SSL ports.

The All insecure ciphers link will move all non-A rated ciphers into the Disabled ciphers list, we update the strength policy by CrushFTP updates as new ciphers come in existence or vulnerabilities are discovered in existing ones.