Skip to main content

Ciphers

Ciphers, also known as cipher suitesExternal LinkThis link leads to an external website and will open in a new tab, refer to the encryption technology that is used under the hood for encrypting data as it is in transit to and from Files.com using SSL/TLS.

At Files.com we take security seriously and rely on industry best practices for choosing secure encryption technologies.

However, we also take seriously our commitment to compatibility and building a long term partnership with our customers to support their applications long into the future.

Although we only offer secure modern encryption by default, we also allow our customers to optionally enable legacy (old) ciphers. This setting enables outdated clients, systems, and devices to connect via older ciphers and protocols that are known to be insecure.

Whenever a cipher becomes vulnerable or compromised we remove it from the modern (default) option and designate it to only work with the legacy cipher option.

A Note About the Term SSL / TLS

TLS refers to a more modern standard that replaces the SSL standard. When either term is used without a specific version number (such as SSLv3 or TLSv1.3), the terms TLS and SSL are used interchangeably on our documentation and website.

Default Secure Ciphers

By default, Files.com uses TLS v1.3 for HTTP connections, and TLS v1.2 for FTP.

TLS v1.2 is also supported for HTTP, and is configured to support the same level of security as TLS v1.3.

Our SSL configuration is considered an A+ Rating, according to the Qualys SSL graderExternal LinkThis link leads to an external website and will open in a new tab.

HTTPS

Files.com supports the following TLS v1.3 cipher suites for HTTPS:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 4096)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 4096)
TLS_DHE_RSA_WITH_AES_256_CCM_8 (dh 4096)
TLS_DHE_RSA_WITH_AES_256_CCM (dh 4096)

FTPS

Files.com supports the following TLS v1.2 cipher suites for FTPS:

TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048)
TLS_RSA_WITH_AES_128_CBC_SHA (rsa 4096)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048)
TLS_RSA_WITH_AES_256_CBC_SHA (rsa 4096)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) 

A Note about CBC Ciphers

Files.com currently supports both CBC (Cipher Block Chaining) and GCM (Galois/Counter Mode) ciphers for FTPS connections. While CBC ciphers are widely used today, they are no longer considered fully secure by the security community due to known vulnerabilities in their design.

GCM ciphers are the preferred modern alternative, offering improved security and performance. However, support for GCM in FTPS clients—particularly those used in automated and legacy-managed file transfer (MFT) workflows—is still limited. As of now, nearly half of Files.com customers running automated FTPS workflows rely on CBC-based cipher suites.

We plan to phase out CBC ciphers from our default secure mode for FTPS in the future. Once this change takes place, customers who need to continue using CBC ciphers will be required to opt in to our optional support for legacy (less secure) cipher modes.

We’re carefully monitoring industry trends and client compatibility before making this change. While Box removed CBC cipher support for FTP in early 2025, Files.com serves a broader set of use cases—including many on-premise and legacy MFT environments—which require a more gradual transition.

We currently expect to make this change in 2026 or 2027, depending on how quickly GCM support improves across the FTPS ecosystem.

SFTP

SFTP does not use TLS or SSL at all, and instead implements its own encryption standards and cipher naming.

By default, Files.com supports the following security algorithms for SFTP:

TypeAlgorithms
Key Exchange

curve25519-sha256

curve25519-sha256@libssh.org

curve448-sha512

diffie-hellman-group-exchange-sha256

diffie-hellman-group18-sha512

diffie-hellman-group17-sha512

diffie-hellman-group16-sha512

diffie-hellman-group15-sha512

diffie-hellman-group14-sha256

Server Host Key Algorithms

ssh-rsa

rsa-sha2-256

rsa-sha2-512

Encryption

chacha20-poly1305@openssh.com

aes128-ctr (a.k.a. AES-128 SDCTR [AES-NI accelerated])

aes192-ctr (a.k.a. AES-192 SDCTR [AES-NI accelerated])

aes256-ctr (a.k.a. AES-256 SDCTR [AES-NI accelerated])

aes128-gcm@openssh.com

aes256-gcm@openssh.com

MAC

hmac-sha2-256

hmac-sha2-512

hmac-sha1

hmac-sha2-512-etm@openssh.com

hmac-sha2-256-etm@openssh.com

hmac-sha1-etm@openssh.com

Get Instant Access to Files.com

The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.

Start My Free Trial