Skip to main content

Ciphers

Ciphers, also known as cipher suitesExternal LinkThis link leads to an external website and will open in a new tab, are the encryption technology that is used under the hood for encrypting data moving to and from Files.com using SSL/TLS.

At Files.com, we take security seriously and rely on industry best practices for choosing secure encryption technologies.

However, we are also committed to compatibility and building a long term partnership with our customers to support their applications long into the future.

Although we only offer secure modern encryption by default, we also allow our customers to optionally enable legacy (old) ciphers. This setting enables outdated clients, systems, and devices to connect via older ciphers and protocols that are known to be insecure.

While you can enable legacy insecure ciphers, we recommend updating those connections to more secure ones. To phase out the use of insecure ciphers on legacy connections, you can run pre-defined reports to determine which ciphers are being used. This gives you current and historical information about how each of your users' connections are affected.

Whenever a cipher becomes vulnerable or compromised we remove it from the modern (default) option and designate it to only work with the legacy cipher option.

A Note About the Term SSL / TLS

TLS refers to a more modern standard that replaces the SSL standard. When either term is used without a specific version number (such as TLSv1.3), the terms TLS and SSL are used interchangeably on our documentation and website.

Default Secure Ciphers

By default, Files.com uses TLS v1.3 for HTTP connections, and TLS v1.2 for FTP.

TLS v1.2 is also supported for HTTP, and is configured to support the same level of security as TLS v1.3.

Our SSL configuration is considered an A+ Rating, according to the Qualys SSL graderExternal LinkThis link leads to an external website and will open in a new tab.

HTTPS

Files.com supports the following TLS v1.3 cipher suites for HTTPS:

TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519)
TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519)
TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519)

Files.com supports the following TLS v1.2 cipher suites for HTTPS:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 4096)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 4096)
TLS_DHE_RSA_WITH_AES_256_CCM_8 (dh 4096)
TLS_DHE_RSA_WITH_AES_256_CCM (dh 4096)

FTPS

Files.com supports the following TLS v1.2 cipher suites for FTPS:

TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048)
TLS_RSA_WITH_AES_128_CBC_SHA (rsa 4096)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048)
TLS_RSA_WITH_AES_256_CBC_SHA (rsa 4096)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048)

A Note about CBC Ciphers

Files.com currently supports both CBC (Cipher Block Chaining) and GCM (Galois/Counter Mode) ciphers for FTPS connections. CBC ciphers remain common but have known design flaws. TLS v1.2 reduces many of these risks, but security experts no longer consider CBC ciphers fully secure.

GCM ciphers offer stronger security and performance. They are the preferred choice. May FTPS clients do not yet support GCM, particularly those used in automated and legacy-managed file transfer (MFT) workflows.

As of 2025, nearly half of Files.com customers running automated FTPS workflows still rely on CBC ciphers to connect to their counterparties.

We plan to phase out CBC ciphers from our default secure FTPS mode. After this change, customers who need CBC ciphers must opt in to our optional support for legacy (less secure) cipher modes.

We’re carefully monitoring industry trends and client compatibility. BoxExternal LinkThis link leads to an external website and will open in a new tab removed CBC cipher support for FTP in early 2025. Files.com supports more automation-heavy workflows, including on-premise and legacy MFT environments. These use cases require a slower transition.

We expect to make this change in 2026 or 2027, depending on how quickly FTPS clients adopt GCM support.

SFTP

SFTP does not use TLS or SSL at all, and instead implements its own encryption standards and cipher naming.

By default, Files.com supports the following security algorithms for SFTP:

TypeAlgorithms
Key Exchange

curve25519-sha256

curve25519-sha256@libssh.org

curve448-sha512

diffie-hellman-group-exchange-sha256

diffie-hellman-group18-sha512

diffie-hellman-group17-sha512

diffie-hellman-group16-sha512

diffie-hellman-group15-sha512

diffie-hellman-group14-sha256

Server Host Key Algorithms

ssh-rsa

rsa-sha2-256

rsa-sha2-512

Encryption

chacha20-poly1305@openssh.com

aes128-ctr (a.k.a. AES-128 SDCTR [AES-NI accelerated])

aes192-ctr (a.k.a. AES-192 SDCTR [AES-NI accelerated])

aes256-ctr (a.k.a. AES-256 SDCTR [AES-NI accelerated])

aes128-gcm@openssh.com

aes256-gcm@openssh.com

MAC

hmac-sha2-256

hmac-sha2-512

hmac-sha1

hmac-sha2-512-etm@openssh.com

hmac-sha2-256-etm@openssh.com

hmac-sha1-etm@openssh.com

Ready to Transform Your File Infrastructure?

Join over 4,000 organizations that trust Files.com to manage their mission-critical file flows. Start your free trial today and see why we're the #1 rated file orchestration platform.

Start Free TrialSee Platform Demo

No credit card required • 7-day free trial • Setup in minutes