Force only TLS1.2

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
daniel.ward
500 Command not understood
Posts: 2
Joined: 2022-07-05 23:09
First name: Daniel
Last name: Ward

Force only TLS1.2

#1 Post by daniel.ward » 2022-07-05 23:27

Hi all

Sorry i am new here.
have a client that is running Server 1.4.1 and is wanting to use only TLS1.2 (requirement of their contractor's middleware)

All i can see in the server config is minimum TLS 1.2 option (which is already in use), and the contractor is stating that it is still coming up TLS 1.3

am i missing something?

User avatar
boco
Contributor
Posts: 26899
Joined: 2006-05-01 03:28
Location: Germany

Re: Force only TLS1.2

#2 Post by boco » 2022-07-06 01:30

Sorry, deliberately reducing security is not possible.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Please do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

daniel.ward
500 Command not understood
Posts: 2
Joined: 2022-07-05 23:09
First name: Daniel
Last name: Ward

Re: Force only TLS1.2

#3 Post by daniel.ward » 2022-07-06 03:49

Thanks boco

just seems weird that the options states it will at least support TLS1.2

User avatar
oibaf
Contributor
Posts: 396
Joined: 2021-07-16 21:02
First name: Fabio
Last name: Alemagna

Re: Force only TLS1.2

#4 Post by oibaf » 2022-07-06 09:37

"at least" means that it won't go below that level, but the client and the server are free to agree to a better version they both understand. So if the client supports TLS1.3, that's what is going to be used.

This also means that if one wants to use only TLS1.2, for whatever reason, then they can force the client to not go beyond that.

User avatar
botg
Site Admin
Posts: 35491
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Force only TLS1.2

#5 Post by botg » 2022-07-06 09:39

But the client and the server are free to agree to a better version they both understand
Not quite. As per specifications, they must agree to the highest version advertised by both.

User avatar
oibaf
Contributor
Posts: 396
Joined: 2021-07-16 21:02
First name: Fabio
Last name: Alemagna

Re: Force only TLS1.2

#6 Post by oibaf » 2022-07-06 09:48

Well, that's what I meant, but ok, they are not free, they are forced. :D

Post Reply