Thread: TLS Settings
08-17-2011, 12:50 PM
Yil

I'm curious why you would want to limit it to TLS only? As far as I can tell the TLS, SSL3, and SSL2 just define a way to negotiate with the client so they can agree on an encryption protocol to use and some options to enable (see 'OpenSSL_Options'). There are a number of other more subtle differences but I think the REAL question is which encryption protocols you want to support! That is controlled by 'OpenSSL_Ciphers = DEFAULT:!LOW:!EXPORT' which I have set up to ban the lamest ciphers by default...

Fair warning: if you limit OpenSSL to TLS you also limit FXP connections to other servers to TLS only. Sometimes that is OK and other times it might not be, so don't be surprised if FXP transfers have issues.

In the future maybe I'll add support for FXP-only settings, but right now the control connection and data transfer share the same context because of host fingerprinting, tickets, etc.
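Added example, not part of the original post and not the server's own code: it expands the cipher string quoted in the post against the local OpenSSL build and shows that the protocol floor is a separate setting from the cipher list. Python's `ssl` module stands in as the front end to OpenSSL; the function names and the 112-bit threshold are assumptions made for this sketch.

```python
import ssl

# Cipher string quoted in the post (the OpenSSL_Ciphers value).
POST_CIPHER_STRING = "DEFAULT:!LOW:!EXPORT"


def expand(cipher_string, min_version=None):
    """Return the suites the local OpenSSL enables for cipher_string.

    min_version is the separate protocol knob (e.g. ssl.TLSVersion.TLSv1_2).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if min_version is not None:
        ctx.minimum_version = min_version
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if no suite matches
    return ctx.get_ciphers()


def names(suites):
    """Suite names in the order OpenSSL would prefer them."""
    return [s["name"] for s in suites]


def weak_suites(suites, min_bits=112):
    """Names of suites below min_bits or carrying an export-grade marker."""
    return [s["name"] for s in suites
            if s["strength_bits"] < min_bits or "EXP" in s["name"]]


if __name__ == "__main__":
    suites = expand(POST_CIPHER_STRING)
    for s in suites:
        print(f'{s["name"]:<34}{s["protocol"]:<9}{s["strength_bits"]} bits')
    print("weak:", weak_suites(suites) or "none")
    # Raising the protocol floor leaves the configured cipher list untouched.
    tls12 = expand(POST_CIPHER_STRING, ssl.TLSVersion.TLSv1_2)
    print("same list with TLS 1.2 floor:", names(tls12) == names(suites))
```

The `protocol` column is the protocol version in which each suite was first defined, not the version a given connection will negotiate.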