On this page can issue an SSL cert and tweak SSL ciphers.
\\
[{Image src='ssl_prefs1.jpg' width='1360' height='..' align='left' style='..' class='..' }]\\
\\
In the upper half of the page can issue a new cert by doing all 3 __Steps__ or apply an existing keystore, as per [this|SSLCerts] wiki.\\
The __Advanced__ section allows changing supported SSL cipher groups or tweak individual ciphers.\\
\\
__TLS versions__ field defines the supported cipher groups for all SSL __server__ ports: HTTPS, WEBDAVS, FTPS, FTPES.\\
\\
__TLS versions client__ field defines the supported cipher groups for all __client__ mode: CrushTask task items, remote user VFS of HTTPS, WEBDAVS, FTPS, FTPES type, the AS2 protocol, SMTP relay connector.\\
\\
CrushFTP v10 supports SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2,TLSv1.3, while TLSv1.3 ciphers require Java 17+.\\
__REMINDER:__ TLS session resumption for Implicit FTPS is only supported by TLSv1.3, when using this protocol either in client or server mode, need to tweak the cipher groups accordingly.\\
\\
\\
__Require valid client certificate__ , usually never need to turn it on, enforces client [client cert|client certificate] authentication for all SSL ports.\\
\\
The __All insecure ciphers__ link will move all non-A rated ciphers into the __Disabled ciphers__ list, we update the strength policy by CrushFTP updates as new ciphers come in existence or vulnerabilities are discovered in existing ones.\\