Enabling SSL on EFT Server

Protocols are mostly configured at the Site level; however, before configuring SSL on the Site, you must configure SSL and FIPS-approved connections at the EFT Server level.

Specify SSL versions and ciphers before enabling SSL connections. After you have enabled SSL at the Server level, SSL connections can be enabled on the Site, Setting Template, and per user. Each level inherits the parent-level settings.

To configure SSL

In the Administrator, connect to EFT Server and click the Server tab.
In the left pane, click the Server node that you want to configure.
In the right pane, click the Security tab.
In the SSL Compatibility area, specify the SSL version to use:

If you want to allow the user to use any compatible SSL version, click Auto Negotiable (selected by default).
If you want to force a particular version (TLS 1.0, SSL 2.0, or SSL 3.0), select it, and only that version will be allowed. If you select Defined, TLS 1.0 is automatically selected, because at least one SSL version must be defined. If you attempt to clear the last remaining check box, an error message appears to remind you that at least one version must be selected.

In the Select from list box, select the check box of one or more Allowed ciphers to use or manually specify the ciphers. At least one cipher must be specified.

Only advanced users should manually specify ciphers.

Click the Priority arrows to arrange the ciphers in top-down priority. If more than one approved cipher is specified, and the connecting client has in its list one or more ciphers that are also on EFT Server’s approved list, EFT Server will select and use the cipher based on ordering (priority) shown in the list box.
In the FTPS Protocol Specific area, check the Allow Clear Command Channel (CCC) for FTPS connections and/or Allow unprotected data channel (PROT C) for FTPS connections, as needed. Users that attempt CCC or Prot-C must receive the appropriate FTP error code if not permitted by EFT Server. The client must then retry using protected command or data channels to connect.
Click Apply to save the changes to EFT Server.

SSL Cipher and Version-allowed settings affect ALL Sites on EFT Server.
PCI DSS requirements mandate use of 128-bit or higher ciphers, and SSLv3, TLS or greater.
A Certificate Authority (CA)-signed certificate establishes your validity better than a self-signed certificate.
For details of SSL when using FIPS mode, refer to FIPS-Compliant Protocols and Ciphers.

Did this topic solve your problem/answer your question?

- For the most up-to-date information regarding EFT Server and its modules;

- To view version history, updates, and activation instructions;

- To download a PDF of this user guide;

- And to search the Knowledge Base and User Forum,

Visit the GlobalSCAPE Support Center, http://www.globalscape.com/support .

Refer to Copyright Information for copyright information.

Last modified: October 14, 2009