2014-12-05
POODLE Update for FTP
Recent Posts
- Automation Configuration Changes may be Required
- A New Look for Files.com
- Permission Fence - A New Way To Manage Permissions
- New Integrated Editor for Office Documents
- Announcing Snapshot Share Links
- Akamai Linode integration with Files.com
- Cloudflare integration with Files.com
- Files.com's Response to the Security Incident in Competing Software Product MOVEit
- Removal of CBC cipher suites from the default list
- Announcing Boomi Partner Connector
As many of you are aware, Google recently discovered a major security flaw in the older SSLv3 protocols used to secure HTTPS, FTPS, and FTPES communication. This was called the POODLE bug and you can read about it here.
Almost immediately, we disabled SSlv3 for HTTP connections on BrickFTP in the interest of security. We held off on disabling it on FTP connections to allow FTP clients time to update.
The time has come for us to flip the switch and disable SSLv3 on FTP as well.
We decided to let you (the site operator) selectively disable this requirement for FTPS and FTPES connections to maintain compatibility with legacy FTP applications that do not support TLS encryption.
We do not recommend that you disable this requirement, but if you experience problems with FTP because of this change, you can disable the requirement in your account at Configuration > Security. Please note that allowing SSLv3 is tantamount to not using encryption at all (because it is encryption that is known to be broken.)
Questions? Need help?
Please let us know how we can assist you. We’re here and glad to help. Please contact us by email, chat (in your web interface when logged in), or phone (1-800-286-8372 ext. 2).
Get Instant Access to Files.com
The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.
Start My Free Trial