SSL Settings

How to get here

This page displays SSL settings for the current host.

Note: Some SSL settings must be configured at the listener level.

• Force SSL. Select this option to force users to make an SSL connection. While this does not change the way they are connecting automatically, it will refuse any connection not using SSL negotiations and send an error message stating why the connection was refused. This option only affects SSL enabled listeners; it has no effect on Implicit SSL or SSH listeners.
• Force SSL on data channel. Select this option to force the client to use SSL on the data channel. With this selected, all data that is passed from the server to the client and vice-versa will be encrypted.  Otherwise, only the command channel is encrypted each time SSL is used. If the client can not encrypt the data channel, the connection to the server is terminated. This option is only available if Force SSL is enabled.
• Allow Clear Command Channel (CCC) (selected by default). If selected, clients can issue the CCC command to revert a secured command channel to unsecured. If cleared, CCC commands fail.
• Minimum SSL level. Select the minimum level of SSL encryption to use.
  • No minimum level. SSL can be used at any encryption level.
  • 128-bit encryption. SSL connections must use at least 128-bit encryption. Connections at a lower encryption strength are rejected.
  • 256-bit encryption. SSL connections must use at least 256-bit encryption. Connections at a lower encryption strength are rejected.

    Tip: The client software used to connect must support the minimum SSL level. Ipswitch WS_FTP Professional supports 40, 128 and 256-bit AES encryption for SSL connections.

Note: These settings are cached by WS_FTP Server for up to ninety seconds. Changes made to these settings are not recognized until the services are restarted or the cache expires.