WS_FTP Server relies on the underlying Windows operating system for TLS protocol and cipher suite support for its web components hosted in IIS (Web Admin, AHT and WTM). To ensure secure communication and compliance with security standards, we recommend hardening the default TLS configuration on your Windows Server.

This includes:

  • Disabling legacy protocols such as SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1.
  • Prioritizing strong cipher suites (e.g., AES-GCM) and disabling weak ciphers such as DES, IDEA, and 64-bit block ciphers vulnerable to SWEET32.
  • Enforcing the use of TLS 1.2 or TLS 1.3.

For detailed guidance, refer to the Microsoft documentation:🔗 Manage Transport Layer Security (TLS) in Windows

Important: These TLS settings affect only the IIS-hosted components of WS_FTP Server, including the Ad Hoc Transfer Module, WS_FTP Server Manager (Admin interface), and Web Transfer Module (ThinClient). The FTP(S) and SFTP services use separate protocol engines and are not impacted by Windows TLS configuration.
Note: The TLS settings are managed at the OS level and are not controlled by WS_FTP Server.