The following new features and improvements were added to WS_FTP Server 2022.0 (8.8).

Multi-factor authentication

Multi-factor authentication protects Web Transfer Client user's accounts from unverified users when a user's account password is lost, stolen, or compromised. To verify user identity, WS_FTP Server gives Web Transfer Client users private access to a uniquely-generated verification code made available to the user by mobile app. This additional verification step ensures user sign in is genuine.

This feature includes:

  • Admin-level UI controls that enable administrators to implement multi-factor authentication.
  • Online guide/wizard that guides end-users through the app verification and setup needed for multi-factor authentication.
  • UI controls that enable administrator to require multi-factor authentication for selected user classes.
  • UI controls that enable administrators to exempt specific users.
  • Users can optionally 'opt in' to use multi-factor authentication when it is not an enforced requirement.
  • User identity verification using a mobile authenticator app.

For more information, see WS_FTP Server Multi-Factor Authentication and Web Transfer Client Multi-Factor Authentication.

SSL certificate and SSH host key size updates

To improve secure certificate creation, the minimum key size for SSL certificate and SSH host key creation was increased from 1024 to 2048 bit. WS_FTP Server users can also choose 3072 or 4096 bit.

Upgrades to the latest version will not affect existing keys of sizes smaller than 2048 bit.

Disable default banner update

The default banner is disabled by default. This prevents identifying information about the server being displayed. WS_FTP Server user can opt to enable the banner. For more information, see Creating Listeners.

WS_FTP Web Server support deprecation

WS_FTP Web Server is no longer supported. For information about migrating WS_FTP Server Manager to IIS, see How to migrate the WS_FTP Server Manager to IIS.

SFTP transfer performance improvement

Updates to WS_FTP Server resulted in significant improvements to SFTP upload speeds.

Listener encryption settings (SSH) updates

WS_FTP SFTP Server now supports advanced public host key algorithms RSA-SHA-2 256 and RSA-SHA-2 512.

Less secure ciphers, MACs, and key exchange algorithms are disabled by default on new installations. When new listeners are created, the updated standards are enforced. The listener exchange settings are unchanged on upgrades to the latest version.

The following encryption settings are disabled by default:

  • Cipher - 3des.cbc, blowfish.cbc, and cast128.cbc
  • MAC - hmac-md5 and hmac-md5-96
  • Key Exchange Algorithm - Diffie-hellman-group1-sha1

    If required, you can re-enable the encryption settings from the Listener Encryption Settings page.

SSH user key authentication update

The Require multi-factor authentication check box for users was renamed Require password and SSH user key to ensure clarity. For more information, see Configuring password and SSH user key authentication.

Microsoft SQL Server support

WS_FTP Server 2022.0 supports Microsoft SQL Server 2019 Enterprise/Standard

Windows Server 2022 support

WS_FTP Server 2022.0 supports deployment to the Windows Server 2022 operating system.

Updated uninstall option

If you choose to uninstall WS_FTP Server and remove your configuration data during the uninstall process, you can optionally choose to remove the PostgreSQL database server.

OpenSSL update

OpenSSL was upgraded from 1.0.2u to 1.0.2zf to incorporate security fixes and prevent potential vulnerabilities. For more information, see https://www.openssl.org/news/vulnerabilities-1.0.2.html.