
  • Basic
  • Ntlm
  • Digest

TLS/SSL

TLS/SSL Allowed

The file transfer action allows for the following TLS protocols to be accepted when connecting to the host:

  • SSL 3.0
  • TLS 1.0
  • TLS 1.1
  • TLS 1.2

Note that these options only become available when a TLS-based file transfer protocol is selected, namely the FTPS protocols. Please check with your FTPS host provider as to which TLS protocols to use. Depending on the configuration of the host, certain protocols might not be allowed, or would provide better security for the connection. When running, the action will attempt to select the highest-security protocol as a default and will log which one was used.

Certificate Validation

The file transfer action allows the following certificate verification methods. 

  • Accept any certificate - This option will accept any certificate the server presents to the connection. This might be used if the certificate is unknown, or if handling the validation is not possible on the Continua agent machine.
  • Use windows infrastructure - This option uses the Windows certificate store to validate the certificate presented by the host. If the host certificate chain is not trusted by the Windows key store on the agent machine, the connection will be rejected.
  • Locally stored thumbprint - Typically the simplest to set up: a thumbprint of the host's certificate is stored with the action. To obtain a thumbprint, ask your host provider to generate a thumbprint of their service's certificate, or use an FTP client which presents it to you on connection.
  • Reject certificates - Typically not used, but included to allow for user testing of rejecting certificates. This option will simply reject any certificate supplied and terminate the connection, in turn failing the action.

Thumbprint (SHA1 hash)

When using the certificate validation method "Locally stored thumbprint", this option will appear. It stores the thumbprint of a certificate which is valid to accept.
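One way to compute a certificate's SHA-1 thumbprint and compare it with a stored value, as an added example that is not part of the Continua documentation or product code. The function names are hypothetical, `SAMPLE_DER` is constructed input, and `fetch_ftps_certificate` assumes an explicit-FTPS server reached through Python's `ftplib`.

```python
import hashlib
import hmac
import re
import ssl
from ftplib import FTP_TLS

# Constructed stand-in for a DER certificate; real DER bytes hash the same way.
SAMPLE_DER = b"abc"


def thumbprint(cert):
    """SHA-1 over the DER encoding; a PEM string is decoded to DER first."""
    der = ssl.PEM_cert_to_DER_cert(cert) if isinstance(cert, str) else cert
    return hashlib.sha1(der).hexdigest().upper()


def normalize(stored):
    """Drop separators and invisible marks (U+200E etc.) that come along
    when a thumbprint is copied from a certificate dialog or FTP client."""
    cleaned = re.sub(r"[\s:\-\u200e\u200f\ufeff]", "", stored)
    if not re.fullmatch(r"[0-9A-Fa-f]{40}", cleaned):
        raise ValueError("expected 40 hex digits (SHA-1)")
    return cleaned.upper()


def matches_pin(cert, stored):
    """True only if the presented certificate is exactly the pinned one."""
    return hmac.compare_digest(thumbprint(cert), normalize(stored))


def fetch_ftps_certificate(host, port=21, timeout=10.0):
    """DER certificate presented by an explicit-FTPS server (AUTH TLS).
    Chain checks are off so any certificate can be read; confirm the
    resulting thumbprint with the host provider before storing it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ftp = FTP_TLS(context=ctx, timeout=timeout)
    try:
        ftp.connect(host, port)
        ftp.auth()
        return ftp.sock.getpeercert(binary_form=True)
    finally:
        ftp.close()


if __name__ == "__main__":
    pasted = "\u200ea9:99:3e:36:47:06:81:6a:ba:3e:25:71:78:50:c2:6c:9c:d0:d8:9d"
    print(thumbprint(SAMPLE_DER), matches_pin(SAMPLE_DER, pasted))
```

The thumbprint covers the whole certificate, so a renewed certificate on the host produces a different value and the stored thumbprint has to be updated with it.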

Allowed Suites

This allows for the setting of the cipher suites to use in securing the connection. The options available are:

  • None - Do not allow any cipher suites to be used in securing the connection. Typically a server will not accept a connection with no cipher suite chosen (as the connection would not be secured) and will drop the connection. Typically this option is not used in production.
  • Anonymous - This allows any of the anonymous ciphers to be chosen to secure the connection. For example, "Anonymous DES in CBC mode with SHA-1 hash" is one cipher which fits into this category.
  • Secure - This allows any of the cipher suites that are considered secure to be selected. This is the best option for securing the connection.
  • All - This option allows all cipher suites known to the file transfer action to be used. This option can be chosen if the cipher suite to use is unknown, or if a broader set of suites is required that isn't covered by one of the above.

Clear Command Channel

This option means the file transfer action will clear the command channel on the secure connection after login. Some servers require this to function correctly. If you're experiencing any login errors where the server is reporting unexpected commands, please turn this option on.

SSH

Key Validation

 

Key Algorithm

 

Hash Algorithm

 

Hash Value