web.xml Parameters

You can secure TIBCO MFT Command Center via the following web.xml parameters.

Parameter Description
admincc-service-enabled This parameter enables Command Center Admin API REST calls. The default value is True. Only Command Center supports "admincc" calls.
admin-service-enabled This parameter enables Admin API REST calls. The default value is True. Both Command Center and Internet Server (if Admin server is enabled) support "admin" calls.
ft-service-enabled This parameter enables File Transfer API REST calls. The default value is True. Only Internet Server supports "ft" calls.
TLSCipherSuite This parameter defines the ciphers used by MFT in any SSL/TLS connections.

If you select the Use Secure Ciphers Only parameter during the installation process, this parameter will be filled in with secure ciphers. When the FTP service is started, all secure ciphers supported will be displayed. You can select any ciphers from the displayed list to add to this parameter. Multiple ciphers must be delimited with a comma.

This parameter only applies to FTPS (FTP over SSL) and Platform Server SSL connections. HTTPS connections use the parameters in the server.xml ciphers parameter.

TLSProtocols This parameter defines TLS protocols that will be supported by FTPS and Platform Server SSL.

The valid values are: TLSv1, TLSv1.1, and TLSv1.2.

By default, any TLS protocol is supported.

Before changing this parameter, ensure that all FTPS and Platform Server clients and servers support the defined TLS protocol.

This parameter only applies to FTPS (FTP over SSL) and Platform Server SSL connections. HTTPS connections use the parameters in the server.xml SSLEnabledProtocols parameter.

SSHCipherSuite This parameter defines the ciphers supported by MFT SFTP client and servers.

When the MFT SFTP service is started, all SSH ciphers supported are displayed. You can select the ciphers that you want to support. Multiple ciphers must be delimited with a comma.

SSHKeyExchange This parameter defines SSH key exchange algorithms supported by MFT SFTP client and servers.
When the MFT SFTP service is started, all SSH key exchange algorithms supported are displayed. You can select the key exchange algorithms that you want to support. Multiple key exchange algorithms must be delimited with a comma.
Note: By default, MFT removes the diffie-hellman-group1-sha1 key exchange algorithm because it is vulnerable to the Logjam attack. Some old SFTP clients and servers require this algorithm; therefore, you occasionally need to update this parameter to include it. You must include all key exchange algorithms that are supported.
SSHDigestSuite This parameter defines the digest (hash) suites supported by MFT SFTP client and servers.

When MFT SFTP service is started, all SSH digests supported are displayed. You can select the digests that you want to support. Multiple digests must be delimited with a comma.

PasswordHashNew This parameter defines the password digest used by MFT.

You have to use the defined value of SHA=256.

UnsecuredHTTPSupport This parameter defines whether HTTP support is allowed.
The default value is No, which indicates that HTTP support is not allowed and only HTTPS will be accepted. If you require HTTP support, set this value to Yes.
Note: When using HTTP, no encryption of credentials or data will be performed.
AllowedReferersForXferNavigation This parameter adds HTTP referrer checking to the JSP pages that are used to navigate the directory tree structure. In addition to the URL, you have to add the loopback address.

This parameter is defined in the web.xml file. It only needs to be set in Internet Server instances. It is ignored in TIBCO MFT Command Center.

AllowedReferersAdminJSP This parameter adds HTTP referrer checking to the Administrator JSP pages. In addition to the URL, you have to add the loopback address.

This parameter needs to be set both in TIBCO MFT Command Center instances and Internet Server instances, where the Admin service is installed.

DisplayFTPBanner This parameter defines whether MFT will display FTP and SFTP banners.

If this parameter is set to Yes, you can define the banners or welcome message displayed in the Admin Configure SSH Server and Configure FTP Server pages.

Anonymous This parameter defines whether an anonymous user can be used without validating the password.

If you enter the value anonymous in this parameter, you must also create a user called anonymous. Because the password is not validated, you must not give the anonymous user access to any secure files or folders.

Redirect HTTP to HTTPS This parameter allows you to redirect HTTP requests to the HTTPS port.

Uncomment the following parameter from the web.xml file, which will automatically redirect HTTP requests to the HTTPS port.

<!--user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint-->
SecurityFilter This parameter defines whether a browser is allowed to render a page in a frame, an iFrame, or an object. This parameter protects against framing and clickjacking attacks.

By setting this parameter to SAMEORIGIN, the browser can use the page in a frame if the server including it in a frame is the same as the one serving the page. By setting this parameter to DENY, all attempts to load the page in a frame will fail.

The default value is SAMEORIGIN.

ChangedPasswordEmailEnabled This parameter defines whether an email is sent to a user when the user changes the password. We suggest setting this parameter to Yes to notify the user that the password has been changed.
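
The following audit script is an added example, not TIBCO code. It reads a web.xml and reports the settings this page warns about: HTTP enabled, open or old TLS protocols, diffie-hellman-group1-sha1 re-enabled, an anonymous user, and the HTTPS redirect still commented out. It assumes the parameters are stored as standard servlet context-param entries; the sample file and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Assumption: parameters are <context-param> entries.
SAMPLE_WEB_XML = """<web-app>
  <context-param><param-name>UnsecuredHTTPSupport</param-name><param-value>Yes</param-value></context-param>
  <context-param><param-name>TLSProtocols</param-name><param-value>TLSv1,TLSv1.2</param-value></context-param>
  <context-param><param-name>SSHKeyExchange</param-name><param-value>diffie-hellman-group14-sha1,diffie-hellman-group1-sha1</param-value></context-param>
  <context-param><param-name>Anonymous</param-name><param-value>anonymous</param-value></context-param>
  <security-constraint>
    <!--user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint-->
  </security-constraint>
</web-app>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix, if any

def load_params(root):
    params = {}
    for el in root.iter():
        if local(el.tag) == "context-param":
            kv = {local(c.tag): (c.text or "").strip() for c in el}
            params[kv.get("param-name", "")] = kv.get("param-value", "")
    return params

def tokens(value):
    return [t.strip() for t in value.split(",") if t.strip()]

def audit(xml_text):
    """Return (parameter, finding) pairs for settings the page warns about."""
    root = ET.fromstring(xml_text)  # comments are dropped, so commented-out XML is invisible
    p, out = load_params(root), []
    if p.get("UnsecuredHTTPSupport", "No").lower() == "yes":
        out.append(("UnsecuredHTTPSupport", "HTTP allowed: no encryption of credentials or data"))
    protos = tokens(p.get("TLSProtocols", ""))
    if not protos:
        out.append(("TLSProtocols", "unset: any TLS protocol is supported for FTPS/Platform Server"))
    out += [("TLSProtocols", f"{v} is deprecated (RFC 8996)") for v in ("TLSv1", "TLSv1.1") if v in protos]
    if "diffie-hellman-group1-sha1" in tokens(p.get("SSHKeyExchange", "")):
        out.append(("SSHKeyExchange", "diffie-hellman-group1-sha1 re-enabled (Logjam)"))
    if p.get("Anonymous"):
        out.append(("Anonymous", "password not validated for this user; check its folder access"))
    if p.get("SecurityFilter", "SAMEORIGIN").upper() not in ("SAMEORIGIN", "DENY"):
        out.append(("SecurityFilter", "value is neither SAMEORIGIN nor DENY"))
    if not any(local(e.tag) == "transport-guarantee" and (e.text or "").strip() == "CONFIDENTIAL"
               for e in root.iter()):
        out.append(("transport-guarantee", "CONFIDENTIAL constraint missing or still commented out"))
    return out
```

Call audit() with the text of the web.xml under review; an empty list means none of the checked settings deviates from the guidance on this page.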