TLS support offers a wide range of setting options. You can make these settings as follows:
With the aid of options which are stored in one or more option files and are interpreted when the FTP server is started (see section “Configuring FTP via the option file”).
With the aid of the installation command parameters SET-FTP-TELNET-PARAMETERS (see section “Configuration of FTP using theSET-FTP-TELNET-PARAMETERS installation command” (Configuration of FTP using the SET-FTP-TELNET- PARAMETERS installation command)).
The table below shows the options for TLS support on the FTP server. For the individual options there are also corresponding parameters of the SET-FTP-TELNET-PARAMETERS command.
Option | Description |
Choose TLS protocol versions selectively | |
Specify cipher suite preference list | |
Specifiy whether the cipher suite preference order of the server or the client is applied | |
Specify whether to prioritize ChaCha20 based cipher suites | |
Specify file which contains the RSA-based X.509 server certificate in PEM format | |
Specify file which contains the private RSA server key in PEM format | |
Specify file which contains the DSA-based X.509 server certificate in PEM format | |
Specify file which contains the private DSA server key in PEM format | |
Specify file in which all the certificates required for verification of the server certificate can be stored | |
Specify file which contains the certificates required for authentication of the FTP client in PEM format | |
Specify file from which the names of the CAs that the server accepts as signatories of client certificates can be obtained | |
Specify file which contains the CRLs of the CAs | |
Define whether the FTP client must provide a certificate for server access | |
Define verification depth | |
Define whether the control connection from the FTP client to the FTP server is to be secured with TLS | |
Define whether the data connection from the FTP client to the server child is to be secured with TLS | |
Specify file from which the data for initializing the PRNG is read when the server is started | |
Define the LMS file from which the OpenSSL library should be dynamically loaded |