Security Settings...
This button is available only if you have indicated the server should be enabled to support clients
using the Transport Layer Security (TLS) or the Kerberos security protocols.
If TLS is checked, you are required to enter a key ring database by clicking this button.
You may also further customize your security settings by clicking this button.
If you select TLS, clicking the "Security Settings..." button allows you to set the following:
- The certificate (key ring) location. This field is required and there is no default.
- Which cipher algorithms the server should use to encipher data transfers and to encipher control information.
The default is to allow the system security server to choose the ciphers.
- Whether the clients must use the TLS protocol.
The default is to not require the client to use TLS.
- Whether to require client certificate authentication.
The default is to not require client certificate authentication.
- The level of security for the data connection. You can choose to require the server to encipher data transfers, or
to allow the client to decide the level of security for data transfers.
The default is to allow the clients to decide the level of security.
If you select Kerberos, clicking the "Security Settings..." button allows you to set the following:
- Whether the client must use the Kerberos protocol.
The default is not require the client to use Kerberos.
- The level of security for the data connection. You can choose to require the server to encipher data transfers, or
allow the clients to decide the level of security.
The default is to allow the clients to decide the level of security.
- The level of security for the control connection. You can choose to require the client to encipher data (FTP commands
and replies), or
allow the clients to decide the level of security.
The default is to allow the clients to decide the level of security.