Configure a custom SSL encryption policy when you want to specify an SSL encryption policy for the control channel and data channel separately. For example, you might encrypt the control channel to avoid passing user credentials in cleartext. Or you might
encrypt the data channel to protect sensitive information from being disclosed or changed.
To configure the SSL encryption policy for the control channel and data channel
-
Open IIS 管理器.
-
In the Connections pane, select the server node.
-
In Features View, double-click FTP SSL Settings.
-
Under SSL Policy, select Custom and then click
Advanced. -
In the Advanced SSL Policy dialog box, under Control Channel select one of the following options for SSL encryption over the control channel:
- Allow: Requires SSL encryption for all users, but gives the anonymous user identity the ability to establish a connection without encryption.
- Require: Requires SSL encryption for all users, including the anonymous user identity.
- Require only for credentials: Requires SSL encryption for all users, but does not allow the anonymous user identity to establish an encrypted connection.
-
Under Data Channel, select one of the following options for SSL encryption over the data channel:
- Allow: When an encrypted connection is established, data transfer is encrypted but requests for metadata (using the DIR command) return a non-encrypted reply.
- Require: Requires SSL encryption over the data channel.
- Deny: Denies SSL encryption over the data channel.
-
Click OK.
-
In the Actions pane, click Apply.