Skip to main content
Blog

POODLE Update for FTP

December 5, 2014

As many of you are aware, Google recently discovered a major security flaw in the older SSLv3 protocols used to secure HTTPS, FTPS, and FTPES communication. This was called the POODLE bug and you can read about it hereExternal LinkThis link leads to an external website and will open in a new tab.

Almost immediately, we disabled SSlv3 for HTTP connections on BrickFTP in the interest of security.  We held off on disabling it on FTP connections to allow FTP clients time to update.

The time has come for us to flip the switch and disable SSLv3 on FTP as well.

We decided to let you (the site operator) selectively disable this requirement for FTPS and FTPES connections to maintain compatibility with legacy FTP applications that do not support TLS encryption.

We do not recommend that you disable this requirement, but if you experience problems with FTP because of this change, you can disable the requirement in your account at Configuration > Security. Please note that allowing SSLv3 is tantamount to not using encryption at all (because it is encryption that is known to be broken.)

Want more insights like this?

Visit our blog for more resources, best practices and the latest Files.com news.

Get The File Orchestration Platform Today

4,000+ organizations trust Files.com for mission-critical file operations. Start your free trial now and build your first flow in 60 seconds.

Start My Free TrialRequest a Demo

No credit card required • 7-day free trial • Setup in minutes