Security settings
The client can use either the Transport Layer Security (TLS) or
the Kerberos security protocol. The Secure Sockets Layer (SSL) protocol is included in TLS.
Both protocols provide login authentication, data encryption and data integrity to ensure the data is
not modified during transmission.
To indicate the client should use a security protocol, select "Yes. Select the security mechanism:"
and select which security protocol the client should use.
If you choose to use a security mechanism, click on the "Security Settings..." button to customize your security
settings.
If you select "TLS", clicking the "Security Settings..." button allows you to set the following:
- The certificate (key ring) location. This field is required and there is no default.
- Which cipher algorithms the client should use to encipher data transfers and to encipher control information.
The default is to allow the system security server to choose the ciphers.
- Whether the client must use the TLS protocol. If the FTP server does not support TLS,
you can choose to allow the client to log in without TLS security, or require the client
to use a secure session, in which case the login fails.
The default is not to require the client to use TLS.
- The level of security for the data connection. You can choose to require the client to encipher data transfers, or
allow data to be transferred raw without being enciphered.
The default is to not encipher the data, but allow the data to be enciphered at the server's request or at the
FTP user's request during the FTP session.
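
The effect of the two TLS "require or allow" choices above, shown as an added example that is not part of the product documentation. It assumes the client negotiates with the RFC 4217 commands AUTH TLS, PBSZ and PROT, which this page does not state, and it does not model later requests by the server or user to encipher data. `Settings`, `negotiate` and `fake_server` are hypothetical names.

```python
# Added illustration; Settings, negotiate and fake_server are hypothetical names.
from dataclasses import dataclass

class LoginRefused(Exception):
    """A required protection could not be negotiated, so the login fails."""

@dataclass
class Settings:
    require_tls: bool = False    # page default: the client need not use TLS
    encipher_data: bool = False  # page default: data transfers are not enciphered

def negotiate(settings, send):
    """Run the security exchange; send(cmd) returns the server's reply code."""
    state = {"control": "clear", "data": "clear", "sent": []}

    def cmd(line):
        state["sent"].append(line)
        return send(line)

    if cmd("AUTH TLS") != 234:   # 234 = server agrees to start TLS
        if settings.require_tls:
            raise LoginRefused("server does not support TLS")
        return state             # optional TLS: login continues in cleartext
    state["control"] = "tls"
    if settings.encipher_data:
        cmd("PBSZ 0")
        # Assumption: a refused PROT P fails the session when encryption is required.
        if cmd("PROT P") != 200:
            raise LoginRefused("server refused to protect the data connection")
        state["data"] = "tls"
    return state                 # without PROT P the data level stays Clear

def fake_server(supports_tls):
    """Constructed stand-in for a server: maps each command to a reply code."""
    def send(line):
        if not supports_tls:
            return 502           # command not implemented
        return 234 if line == "AUTH TLS" else 200
    return send

if __name__ == "__main__":
    for s in (Settings(), Settings(require_tls=True, encipher_data=True)):
        for tls in (True, False):
            try:
                print(s, tls, negotiate(s, fake_server(tls)))
            except LoginRefused as err:
                print(s, tls, "login refused:", err)
```

With the defaults, a server that rejects AUTH TLS still gets a cleartext login, and a TLS-capable server still receives unenciphered data transfers unless enciphering is requested.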
If you select "Kerberos (GSSAPI)", clicking the "Security Settings..." button allows you to set the following:
- Whether the client must use the Kerberos protocol. If the FTP server does not support Kerberos,
you can choose to allow the client to log in without Kerberos security, or require the client
to use a secure session, in which case the login fails.
The default is not to require the client to use Kerberos.
- The level of security for the data connection. You can choose to require the client to encipher data transfers, or
allow data to be transferred raw without being enciphered.
The default is to not encipher the data, but allow the data to be enciphered at the server's request or at the
FTP user's request during the FTP session.
- The level of security for the control connection. You can choose to require the client to encipher data (FTP commands
and replies), or
allow data to be transferred raw without being enciphered.
The default is to not encipher the data, but allow the data to be enciphered at the server's request or at the
FTP user's request during the FTP session.