Specify SSL versions and ciphers before enabling SSL connections. SSL connections can be enabled at the Site, User Setting Level, and per user.
To configure SSL
In the left pane, click the Server.
In the right pane, click the Security tab.
In the SSL Compatibility area, specify the version to use:
If you want to allow the user to use any compatible SSL version, click Auto Negotiable (selected by default).
If you want to force a particular version (TLS 1.0, SSL 2.0, or SSL 3.0), select it, and only that version will be allowed. If you select Defined, TLS 1.0 is automatically selected, because at least one SSL version must be defined. If you attempt to clear the last remaining check box, an error message appears to remind you that at least one version must be selected.
Specify one or more Ciphers to use, or manually specify the ciphers. At least one cipher must be specified. If more than one approved cipher is specified, and the connecting client has in its list one or more ciphers that are also on EFT Server’s approved list, EFT Server will select and use the cipher based on ordering (priority) shown in the list box.
Only advanced users should manually specify ciphers. |
In the Select from list box, check the box of ciphers to use and clear the check box for those ciphers that you do not want to use.
Click the Priority arrows to arrange the ciphers in top-down priority.
In the Protocol Specific area, check the Allow Clear Command Channel (CCC) for FTPS connections and/or Allow unprotected data channel (PROT C) for FTPS connections, as needed. Users that attempt CCC or Prot-C must receive the appropriate FTP error code if not permitted by the Server. The client must then retry using protected command or data channels to connect.
Click Apply to save the changes to EFT Server.
|