Keep in mind that even older SSL protocols are far more secure than plain text connections, so if you need
to support a wide variety of clients (Windows XP users, for example), setting the security level to
"Support Ancient Clients (Least Secure)" should not necessarily be considered "insecure". Highly
sophisticated attacks against your server may be possible in this case, but if the content of your server
doesn't warrant extremely high security, this may be a perfectly acceptable trade-off that allows virtually
anyone, even those using very old computers, to access the server with security that is much better than
plain HTTP.

On the other hand, if the content on your server is sensitive, or you are at a high risk of being hacked,
choosing "Require Up To Date Clients (Most Secure)" is probably the right choice. In this case, Rumpus
restricts clients to only the most secure cipher suites, stronger keys, etc., which ensures the greatest level of
security between the client and server, but requires that clients also be running software capable of these
advanced algorithms.

In between these extremes fall two other choices. "Support Older Clients" eliminates many of the most
likely SSL exploits and implements reasonably strong keys, while allowing the large majority of
clients in use today to connect to the server securely. "Support Modern Clients" provides excellent
security by requiring strong, modern cipher suites and very strong key lengths, while still supporting
access by a wide range of modern devices.

A Note About Ports

By default, HTTP service is provided on port 80, FTP on port 21, HTTPS on port 443 and Implicit FTPS
on port 990. (Standard FTPS, as an extension to non-secure FTP, uses 21.) It is important to note,
however, that these are merely defaults. There is nothing special about port 80, 21, 443 or 990. In
particular, ports 443 and 990 are not intrinsically secure. For example, secure HTTP service is not created
merely by running a Web service on port 443.

Do not set the “HTTP Port Number” (on the “Options” tab of the Web Settings window) to 443 or set the
“HTTPS Port” to 80. The HTTP and HTTPS servers are separate, and if they are assigned the same port
number, a conflict will arise. Similarly, make sure that the “Implicit FTPS Port” does not conflict with the
standard FTP port specified on the FTP Settings window.

Of course, there are a number of reasons for running any of these services on non-standard ports, and
changing ports is fully supported in Rumpus. However, it’s important to note that port selection does not
determine whether or not data is encrypted or secured. When possible, use the default port for each
offered service (HTTP, HTTPS, FTP and Implicit FTPS), and be sure that each service is assigned a unique
port number to avoid conflicts.
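
The two points above (each service needs a unique port, and a port number says nothing about encryption) can be checked from a client machine. The following is an added example, not part of Rumpus or its documentation: the function names are hypothetical, and the plain-text listener is a constructed stand-in for a Web service that was moved to a different port without TLS being enabled.

```python
import socket
import ssl
import threading
from collections import defaultdict


def find_port_conflicts(services):
    """Return {port: [service names]} for every port assigned more than once."""
    by_port = defaultdict(list)
    for name, port in services.items():
        by_port[port].append(name)
    return {p: sorted(n) for p, n in by_port.items() if len(n) > 1}


def speaks_tls(host, port, timeout=3.0):
    """True only if the listener completes a TLS handshake.

    Certificate checks are disabled on purpose: this asks "is the channel
    encrypted at all?", not "is the certificate trustworthy?".
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # includes ssl.SSLError, timeouts and resets
        return False


def start_plain_server():
    """Constructed stand-in: a plain-text listener on an OS-chosen local port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.recv(4096)
                conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    print(find_port_conflicts({"HTTP": 443, "HTTPS": 443, "FTP": 21, "Implicit FTPS": 990}))
    print(speaks_tls("127.0.0.1", start_plain_server()))  # plain listener: no TLS
```

Pointing `speaks_tls` at the real HTTPS and Implicit FTPS ports of a server confirms that encryption is actually in place, whatever port numbers were chosen.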