Ciphers
Ciphers refer to the encryption technology that is used under the hood for encrypting data as it is in transit to and from Files.com using SSL (and TLS).
At Files.com we take security seriously and rely on industry best practices for choosing secure encryption technologies.
However, we also take seriously our commitment to compatibility and building a long term partnership with our customers to support their applications long into the future.
So, we only offer secure modern encryption by default, but we also allow our customers to optionally enable legacy (old) versions of encryption using a setting in our Settings page. This setting enables outdated clients, systems, and devices to connect via older ciphers and protocols that are known to be insecure.
Files.com uses the term SSL for encrypted data in transit which also includes support for TLS. TLS is an improved version of SSL, it works in much the same way as the SSL, using encryption to protect the transfer of data and information. The two terms are often used interchangeably in the industry.
Files.com supports the following TLS 1.2 cipher suites for FTPS and HTTPS:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
We currently do not force TLS 1.3, nor allow customers to limit connections to use only TLS 1.3.
This is due to the current middlebox issues affecting TLS 1.3, which cause sites to become unreachable whenever the connection passes through any middlebox which does not properly support TLS 1.3.
Middleboxes include such devices as Firewall, Intrusion Detection System (IDS), Network Address Translator (NAT), WAN Optimizer, Load Balancer, and cellular networks.
Limiting network connectivity to only TLS 1.3 is currently only recommended for internal (LAN) networks.
Files.com supports the following security algorithms for SFTP:
Key Exchange | curve25519-sha256 curve25519-sha256@libssh.org curve448-sha512 diffie-hellman-group-exchange-sha256 diffie-hellman-group18-sha512 diffie-hellman-group17-sha512 diffie-hellman-group16-sha512 diffie-hellman-group15-sha512 diffie-hellman-group14-sha256 |
Server Host Key Algorithms | ssh-rsa rsa-sha2-256 rsa-sha2-512 |
Encryption | chacha20-poly1305@openssh.com aes128-ctr (a.k.a. AES-128 SDCTR [AES-NI accelerated]) aes192-ctr (a.k.a. AES-192 SDCTR [AES-NI accelerated]) aes256-ctr (a.k.a. AES-256 SDCTR [AES-NI accelerated]) aes128-gcm@openssh.com aes256-gcm@openssh.com |
MAC | hmac-sha2-256 hmac-sha2-512 hmac-sha1 hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha1-etm@openssh.com |
Our choice of default ciphers plus our other security capabilities earn Files.com an A+ Rating on the Qualys SSL grader.
For compatibility with older, insecure clients, we also offer a configuration setting for Files.com that allows you to enable legacy insecure ciphers for your site.
These are often used to maintain compatibility with older outdated apps, such as on-premise file transfer apps.
In many cases, you may be stuck supporting these because they are maintained by a client or vendor.
A site administrator can enable this setting.
We strongly recommend not using this setting. Use of known insecure ciphers is dangerous because an uninformed user of your site might think that they are using secure encryption when they are actually using encryption that is broken.
Use of this setting will make your site ineligible for our HIPAA BAA program and most likely other compliance initiatives.
You should treat all connections to your site as if they are fully insecure if you use this option.
For example, the Payment Card Industry (PCI) Security Standards Council has mandated that anyone subject to PCI rules must upgrade to TLS 1.2 by July 1, 2018. Other compliance regimes have instituted similar mandates.
The best way to avoid the need for this setting is to ask all your clients, vendors, or counterparties to upgrade to the latest version of any app they are using.
Better yet would be if you introduced your clients or vendors to us! We'd be happy to have our Sales team reach out and help them upgrade to Files.com on their end, so they can take advantage of all the security offered by the Files.com platform.
Another course of action is to have users try to switch between FTPS (FTP with TLS encryption) and SFTP. In many programs, this will cause the client to use a completely different process for encryption, and it may be the case that their app is more secure in the other mode.
With insecure ciphers enabled, the following additional cipher suites are supported for FTPS and HTTPS:
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
Additionally, with insecure ciphers enabled, the following security algorithms are enabled for SFTP:
Key Exchange | ecdh-sha2-nistp521 ecdh-sha2-nistp384 ecdh-sha2-nistp256 diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1 diffie-hellman-group18-sha512 diffie-hellman-group17-sha512 diffie-hellman-group16-sha512 diffie-hellman-group15-sha512 diffie-hellman-group14-sha256 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1 curve25519-sha256 curve25519-sha256@libssh.org curve448-sha512 |
Server Host Key Algorithms | ssh-rsa rsa-sha2-256 rsa-sha2-512 |
Encryption | aes128-ctr (a.k.a. AES-128 SDCTR [AES-NI accelerated]) aes192-ctr (a.k.a. AES-192 SDCTR [AES-NI accelerated]) aes256-ctr (a.k.a. AES-256 SDCTR [AES-NI accelerated]) arcfour256 arcfour128 aes128-cbc 3des-cbc blowfish-cbc aes192-cbc aes256-cbc chacha20-poly1305@openssh.com aes128-gcm@openssh.com aes256-gcm@openssh.com |
MAC | hmac-md5 hmac-sha1 hmac-sha2-256 hmac-sha2-512 hmac-sha1-96 hmac-md5-96 hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha1-etm@openssh.com |
The Insecure Ciphers setting on Files.com offers three settings allowing you to choose between maximizing security and maximizing compatibility.
These options are to (1) use only secure ciphers everywhere, (2) enable insecure ciphers for SFTP only, and (3) enable insecure ciphers for SFTP, FTPS, and HTTPS.
Beyond the 3 options provided, it is not possible to pick and choose certain ciphers to enable and disable. We are open to paid custom development to build custom configurations for certain customers, however, this would require an Enterprise contract. Please contact us to learn more.
While we strongly recommend not allowing any insecure ciphers, if your organization requires them, then we advise using this setting to limit insecure ciphers to SFTP connections only.
The Insecure Ciphers setting on Files.com is a sitewide-level configuration, so it is not technically possible to allow different ciphers for different users.
Within most SSL protocols, including TLS and SSH protocol, the cipher negotiation between the client and server happens prior to authentication, so the server would have no way of knowing which user it is negotiating with in order to offer different ciphers.
Like other SFTP servers, Files.com adheres to RFC4253, section 7.1 when negotiating with SFTP clients to decide which ciphers to use.
Simply put, the SFTP client will send the list of ciphers it supports in order of preference, and the server will choose the first cipher on the list that it also supports. Hence, the choice is biased towards the client's preferences.
A well-written, properly-configured, and up-to-date client will prefer secure ciphers to insecure ciphers.
Unfortunately, many of the SFTP and FTP clients (and even web browsers) that we see actually connecting to Files.com are not necessarily well-written, properly-configured, or up-to-date.
Therefore we encourage our customers to assume the worst when deciding to allow insecure ciphers: assume they’ll be used.
To view the ciphers used when a user last connected, type Manage users in the search box at the top of each page and click on the matching result. Edit the desired user and click on the Other connections tab. At the bottom of the screen it will show the ciphers used when they last connected.
You can use the Files.com Command Line App (CLI) to generate a CSV report of your users that are connecting with insecure ciphers.
You will need the latest version of both the Files.com CLI and Powershell to run the script that generates the report on Windows.
Run the following from Powershell (replace YOUR-API-KEY with an API key generated at Settings > Integrations > Others > API keys > Add key):
files-cli --api-key YOUR-API-KEY users list --fields username,last_login_at,last_protocol_cipher --format csv | Select-String -CaseSensitive -Pattern "TLSv1;|TLSv1.1;|nistp521|nistp384|nistp256|exchange-sha1|group1|arcfour|-cbc|hmac-md5|sha1-96" > users.csv
Run the following from a terminal (replace YOUR-API-KEY with an API key generated at Settings > Integrations > Others > API keys > Add key):
files-cli --api-key YOUR-API-KEY users list --fields username,last_login_at,last_protocol_cipher --format csv | grep "TLSv1;\|TLSv1.1;\|nistp521\|nistp384\|nistp256\|exchange-sha1\|group1\|arcfour\|-cbc\|hmac-md5\|sha1-96" > users.csv
The generated users.csv file will list the usernames of users connecting with insecure ciphers, including the ciphers they used and when they last logged in.
Many error messages in third party apps related to encryption, ciphers, etc. will go away by upgrading the version of the app. We always recommend upgrading to the latest and greatest because it often brings security and speed benefits.
This is especially true if it prevents you from needing to enable our insecure ciphers setting, which insecure.
CuteFTP versions prior to 9.2.0 do not support the ciphers needed for Files.com to operate securely. Suggest upgrading CuteFTP 9.2.0 or later, which fully supports secure encryption.
CuteFTP versions below 9.2.0 can only be supported using insecure ciphers.
WS_FTP versions prior to 12.6 and MoveIt versions prior to 9.1.0.3.0 do not support the ciphers needed for Files.com to operate securely.
If they have already upgraded, and are still receiving key exchange errors, note that there is a known issue with upgrading previous versions of WS_FTP Professional to 12.6 where the ssh-algos.txt file is not updated with the following ssh-kex: diffie-hellman-group-exchange-sha256.
Users can manually add this to the ssh-algos.txt file located at: C:\Users\<user>\AppData\Roaming\Ipswitch\WS_FTP to resolve this.
Microsof .NET versions below 4.5 don't work natively with secure ciphers.
- .NET 4.5. TLS 1.2 is supported, but it’s not a default protocol. You need to opt-in to use it. The following code will make TLS 1.2 default - make sure to execute it before making a connection to secured resource: ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
- .NET 4.0. TLS 1.2 is not supported. Upgrade your application to more recent version of the framework.
If you are unable to upgrade your .NET application, you will need to leverage the Insecure Ciphers capability of Files.com.
Get Instant Access to Files.com
The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.
Start My Free Trial