FTP(S) endpoint

The FTP(S) endpoint has the following attributes.

Encryption Mode
Explicit FTPS
The command and data ports are both initially clear-text. Then, when an AUTH command is issued, both ports are secure. When you select this value, the Authorization Type field displays.
Implicit FTPS
The command and data ports are both secure always.
Plain FTP
The command and data ports are both clear-text always.
Authorization Type
This field is displayed only when you select Explicit FTPS in the Encryption Mode field.
Choose from the following:
Auth SSL
Use the SSL protocol without protecting the data connection.
Auth TLS
Use the SSL protocol and explicitly protect the data connection.
Auth TLS-C
Use the TLS protocol without implicitly protecting the data connection.
Auth TLS-P
Use the TLS protocol and implicitly protect the data connection.
Host
Enter either a fully qualified name (recommended) or an IP address and a port number.
Port number 21 is standard for plain FTP and explicit FTPS.
Port number 990 is standard for implicit FTPS.
Username
Password
Account
The credentials used to log into this endpoint.
Account is optional.
Data Channel
Content Type
Choose ASCII or Binary.
ASCII mode will change end-of-line characters when transferring across Windows and non-Windows systems.
Data Mode
Sets the default behavior for opening data port connections between the FTP client and FTP server.
Active mode
Causes the client to listen for an inbound connection from the server during data transfers. 
Passive mode
Causes the server to listen for an outbound connection from the client during data transfers.  The server indicates the IP address and port number.  The FTP server will cycle through port numbers, usually a subset of 1024-65535. 
Command Address
Use Command Address
This field is displayed only when you select Passive mode in the Data Mode field.
Indicates the IP address specified by the server should be ignored and the command port address be used instead. (This might be necessary if the server is advertising an internal rather than an external IP address.) 
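The following is an added example, not part of the product or its documentation, showing the effect of Use Command Address on a passive-mode (227) reply. It uses Python's standard ftplib.parse227; the helper name, the sample reply and the addresses are constructed for illustration.

```python
import ftplib
import ipaddress


def resolve_data_endpoint(pasv_reply, command_peer_ip, use_command_address):
    """Pick the (host, port) for a passive-mode data connection.

    Hypothetical helper that mirrors the Use Command Address setting.
    Returns (host, port, notes); notes lists anything worth logging.
    """
    # parse227 raises ftplib.error_reply unless the reply code is 227.
    advertised_host, port = ftplib.parse227(pasv_reply)
    notes = []
    if not 1024 <= port <= 65535:
        notes.append(f"port {port} is outside 1024-65535")
    if advertised_host != command_peer_ip:
        try:
            internal = ipaddress.ip_address(advertised_host).is_private
        except ValueError:
            notes.append(f"server advertised malformed address {advertised_host}")
        else:
            kind = "internal" if internal else "different"
            notes.append(f"server advertised {kind} address {advertised_host}")
    # With the setting on, the advertised address is ignored and the data
    # connection goes to the host the command connection is already using.
    host = command_peer_ip if use_command_address else advertised_host
    return host, port, notes


# Constructed sample: a server behind NAT advertising its internal address.
SAMPLE_REPLY = "227 Entering Passive Mode (10,0,0,5,195,80)"
SAMPLE_PEER = "203.0.113.10"  # address the command connection is connected to

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, resolve_data_endpoint(SAMPLE_REPLY, SAMPLE_PEER, flag))
```

The port is the last two numbers of the reply combined as p1 * 256 + p2, so the sample reply resolves to port 50000.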
OpenPGP
OpenPGP protects files being transferred through encryption and signing. OpenPGP should be configured only if this endpoint is part of a trading relationship.
Inbound
Verify Signed Payloads
Select to ensure that when a signed payload is received, the signature matches the payload that was sent.
When you select this check box, you are prompted to select the trading partner's signing certificate. This field is prefilled with the outbound encryption certificate as the same certificate is commonly used for both. See Selecting a certificate.
Accept Encrypted Payloads
Select to accept encrypted inbound payloads.
When you select this check box, you are prompted to select your decryption certificate. This field is prefilled with the outbound signing certificate as the same certificate is commonly used for both. See Selecting a certificate.
Outbound
Sign
Select this check box to sign messages sent from this endpoint.
When you select Sign, you are prompted to select your signing certificate. This field is prefilled with the inbound decryption certificate as the same certificate is commonly used for both. See Selecting a certificate.
Encrypt
Apply encryption to messages sent from this endpoint.
When you select Encrypt, you are prompted to select the trading partner's encryption certificate. This field is prefilled with the inbound signing certificate as the same certificate is commonly used for both. See Selecting a certificate.
Compress
Apply ZLIB compression to messages sent from this endpoint. Choose this option for large files to conserve bandwidth and improve efficiency and security.
Text Output (ASCII armor)
Encase encrypted messages in ASCII for ease of sending using standard messaging formats.
Advanced
Security
TLS Protocol Version
Minimum
Maximum
Select minimum and maximum versions for TLS protocol. Messages from systems using versions of TLS outside the range you specify are not accepted.
Choose from the following:
  • SSL 3.0
  • TLS 1.0 (SSL 3.1)
  • TLS 1.1 (SSL 3.2)
  • TLS 1.2 (SSL 3.3)
TLS Minimum Encryption Key Size
The minimum encryption key size allowed when selecting a TLS cipher. To prevent use of low- or medium-strength ciphers, change from the default value of 0 to 112, 128, or 256 (depending on the requirement). Note that if this value is set too high, all ciphers are filtered out, causing the "No suitable cipher suites are enabled" exception to occur.
TLS Ciphers
Select All to present the list of supported ciphers to the server and allow the server to pick one.
Select Select from list to display a list from which you choose a specific cipher.
The cipher selected is used with the server for key exchange, encryption, and hashing. If the server does not support the cipher, an SSL handshake error will occur.
TLS Renegotiation
Allow TLS Legacy Renegotiation
Allows legacy renegotiation. Otherwise, the extension described in RFC5746 will be used for renegotiation and any TLS clients must also support this extension. See RFC5746 for a description of the extension and the vulnerability it addresses.
Post Auth Command
A command or set of commands to be issued after the Explicit SSL Command and login sequence. The PBSZ and PROT commands (PBSZ 0;PROT P) are required by some servers regardless of the AUTH type used and are necessary for data channel protection (AUTH TLS or AUTH TLS-C).
If multiple FTP commands are needed after the AUTH command, set this property to all of the commands separated by semicolons (;).
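The following is an added example, not product code, that lints a Post Auth Command value to tell whether the data channel ends up protected. The function names are hypothetical, the treatment of Auth TLS-P follows the Authorization Type list on this page, and the PBSZ-before-PROT and PBSZ 0 rules come from RFC 2228 and RFC 4217.

```python
# Authorization types this page describes as protecting the data
# connection without extra commands.
IMPLICITLY_PROTECTED = {"TLS-P"}


def parse_post_auth(value):
    """Split 'PBSZ 0;PROT P' into [('PBSZ', '0'), ('PROT', 'P')]."""
    commands = []
    for part in value.split(";"):
        words = part.split()
        if words:  # tolerate empty segments and a trailing ';'
            commands.append((words[0].upper(), " ".join(words[1:]).upper()))
    return commands


def data_channel_protected(auth_type, post_auth_command):
    """Return (protected, problems) for an Explicit FTPS endpoint."""
    problems = []
    pbsz_sent = False
    prot_ok = True
    level = None
    for verb, arg in parse_post_auth(post_auth_command):
        if verb == "PBSZ":
            pbsz_sent = True
            if arg != "0":
                problems.append("PBSZ argument should be 0 for TLS")
        elif verb == "PROT":
            if not pbsz_sent:
                prot_ok = False
                problems.append("PROT must be preceded by PBSZ")
            if arg not in ("P", "C"):
                problems.append(f"PROT level {arg!r} is not P or C")
            level = arg
    if level is None:
        protected = auth_type in IMPLICITLY_PROTECTED
        if not protected:
            problems.append("no PROT command: data connection stays clear-text")
    else:
        protected = level == "P" and prot_ok
    return protected, problems


if __name__ == "__main__":
    for auth, cmd in [("TLS", "PBSZ 0;PROT P"), ("TLS-C", ""), ("TLS", "PROT P")]:
        print(auth, repr(cmd), data_channel_protected(auth, cmd))
```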
OpenPGP
This section is displayed when you select Sign, Encrypt or Compress in the OpenPGP > Outbound section above.
OpenPGP Algorithms
Hash Algorithm
Choose the signing method used when OpenPGP packaging (with signing) is requested from the following:
  • MD2
  • MD5
  • RIPE-MD-160
  • SHA-1
  • SHA-256
  • SHA-384
  • SHA-512
V3 Signature
Select this check box to sign messages with Version 3 signatures.
Encryption Algorithm
Choose the algorithm you want to use to encrypt messages. The remote host receiving the message must be able to decrypt the message using the algorithm you choose.
Compression Algorithm
Choose the algorithm you want to use to compress messages. The remote host receiving the message must be able to decompress the message using the algorithm you choose.
Choose either ZIP or ZLIB.
Security
Compression Algorithm
Choose a compression algorithm from the following:
  • none
  • zlib
  • zlib@openssh.com
Key Exchange Algorithm
Choose a key exchange algorithm from the following:
  • curve25519-sha256@libssh.org
  • diffie-hellman-group-exchange-sha256
Cipher Algorithm
Choose a transport cipher algorithm from the following:
  • aes128-ctr
  • aes192-ctr
  • aes256-ctr
MAC Algorithm
Choose a transport MAC algorithm from the following:
  • hmac-sha2-256
Public Key Algorithm
Choose a public key algorithm from the following:
  • ssh-rsa
  • ssh-dss
Connection
Connection Timeout
The amount of time allowed for each read operation.
Valid range is from 0 - n seconds.

0 indicates no timeout. Default value is 150 seconds.

Retry Transfers
The number of retries permitted for failed outbound transfers and at what frequency to retry them.
Specify the following:
  • The number of retries, where the minimum value is 0 (no retries allowed) and maximum is 5.
  • A numeric value and either minutes or seconds to specify how much time should elapse between retries.
Resume failed transfers
Select this check box to retry failed transfers starting where they failed.