On this page can issue an SSL cert and tweak SSL ciphers.

In the upper half of the page can issue a new cert by doing all 3 Steps or apply an existing keystore, as per our SSL Cert wiki.

The Advanced section allows changing supported SSL cipher groups or enable/disable individual ciphers.

TLS versions field defines the supported cipher groups for all SSL server ports: HTTPS, WEBDAVS, FTPS, FTPES.

TLS versions client field defines the supported cipher groups for all client mode: CrushTask task items, remote user VFS of HTTPS, WEBDAVS, FTPS, FTPES type, the AS2 protocol, SMTP relay connector.

CrushFTP v10 supports SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2,TLSv1.3, while TLSv1.3 ciphers require Java 17+.

REMINDER: TLS session resumption for Implicit FTPS is only supported by TLSv1.3, when using this protocol either in client or server mode, need to tweak the cipher groups accordingly.

Require valid client certificate , usually never needs to be turned on, enforces client client cert authentication for all SSL ports. Rather recommanded to use the appropriate settings on specific server listener items instead.

The All insecure ciphers link will move all non-A rated ciphers into the Disabled ciphers list, we update the strength policy by CrushFTP updates as new ciphers come in existence or vulnerabilities are discovered in existing ones.

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
ssl_prefs1.jpg 553.1 kB 1 05-Dec-2023 05:32 Ada Csaba
« This page (revision-17) was last changed on 18-Apr-2024 12:48 by Ada Csaba
G’day (anonymous guest)
CrushFTP11 | What's New