Force only TLS1.2

Posted: 2022-07-05 23:27
by daniel.ward
Hi all

Sorry, I am new here.
I have a client that is running Server 1.4.1 and is wanting to use only TLS1.2 (a requirement of their contractor's middleware).

All I can see in the server config is a minimum TLS 1.2 option (which is already in use), and the contractor is stating that it is still coming up as TLS 1.3.

Am I missing something?

Re: Force only TLS1.2

Posted: 2022-07-06 01:30
by boco
Sorry, deliberately reducing security is not possible.

Re: Force only TLS1.2

Posted: 2022-07-06 03:49
by daniel.ward
Thanks boco

Just seems weird that the option states it will at least support TLS1.2.

Re: Force only TLS1.2

Posted: 2022-07-06 09:37
by oibaf
"at least" means that it won't go below that level, but the client and the server are free to agree to a better version they both understand. So if the client supports TLS1.3, that's what is going to be used.

This also means that if one wants to use only TLS1.2, for whatever reason, then they can force the client to not go beyond that.

Re: Force only TLS1.2

Posted: 2022-07-06 09:39
by botg
"But the client and the server are free to agree to a better version they both understand"
Not quite. As per specifications, they must agree to the highest version advertised by both.

Re: Force only TLS1.2

Posted: 2022-07-06 09:48
by oibaf
Well, that's what I meant, but ok, they are not free, they are forced. :D