
Ciphers

Ciphers, also known as cipher suites, refer to the encryption technology used under the hood to encrypt data in transit to and from Files.com using SSL/TLS.

At Files.com we take security seriously and rely on industry best practices for choosing secure encryption technologies.

However, we also take seriously our commitment to compatibility and to building a long-term partnership with our customers to support their applications long into the future.

Although we only offer secure modern encryption by default, we also allow our customers to optionally enable legacy (old) ciphers. This setting enables outdated clients, systems, and devices to connect via older ciphers and protocols that are known to be insecure.

Whenever a cipher becomes vulnerable or compromised, we remove it from the modern (default) option and designate it to work only with the legacy cipher option.

A Note About the Term SSL / TLS

TLS refers to a more modern standard that replaces the SSL standard. When either term is used without a specific version number (such as SSLv3 or TLSv1.2), the terms TLS and SSL are used interchangeably in our documentation and on our website.

Default Secure Ciphers

By default, Files.com requires use of TLS v1.2 for any SSL or TLS encrypted connection, including FTP and HTTP.

We do not currently allow TLS v1.3, force TLS v1.3, or allow customers to limit connections to TLS v1.3 only. This is due to the current middlebox issues affecting TLS 1.3, which cause sites to become unreachable whenever the connection passes through a middlebox that does not properly support TLS 1.3. Middleboxes include devices such as firewalls, intrusion detection systems (IDS), network address translators (NAT), WAN optimizers, load balancers, and cellular networks.

HTTPS

Files.com supports the following TLS v1.2 cipher suites for HTTPS:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 4096)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 4096)
TLS_DHE_RSA_WITH_AES_256_CCM_8 (dh 4096)
TLS_DHE_RSA_WITH_AES_256_CCM (dh 4096)

FTPS

Files.com supports the following TLS v1.2 cipher suites for FTPS:

TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048)
TLS_RSA_WITH_AES_128_CBC_SHA (rsa 4096)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048)
TLS_RSA_WITH_AES_256_CBC_SHA (rsa 4096)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) 

In the future, we intend to discontinue CBC ciphers on FTPS in our default secure mode. When we do this, customers will be required to switch to our optional support for legacy insecure ciphers in order to continue to use CBC ciphers on FTPS. We are waiting to make this switch until there is more substantial support for GCM ciphers for FTPS in the MFT industry, but we expect that time to come soon.
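The following is an added example, not Files.com code: it checks which suites an FTPS client shares with the default list above and whether that client would need the legacy option once CBC suites leave the default mode. The suite list is copied from this page; the function names and the client suite list are assumptions constructed for illustration.

```python
# Added example. FTPS_DEFAULT is copied from the page's FTPS list;
# the client suite list in the demo is constructed for illustration.
FTPS_DEFAULT = [
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
]

def parse_suite(name):
    """Split an IANA TLS 1.2 suite name into key exchange and cipher mode."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not a TLS 1.2 suite name: {name!r}")
    kx, _, cipher = name[4:].partition("_WITH_")
    mode = next((m for m in ("CBC", "GCM", "CCM") if m in cipher.split("_")), None)
    return {
        "name": name,
        "kx": kx,
        "mode": mode,
        # Ephemeral (EC)DH key exchange gives forward secrecy; static RSA does not.
        "forward_secrecy": kx.startswith(("DHE_", "ECDHE_")),
    }

def audit_client(client_suites, server_suites=FTPS_DEFAULT):
    """Report what a client shares with the default FTPS list now and after CBC removal."""
    shared = [parse_suite(s) for s in client_suites if s in server_suites]
    non_cbc = [s["name"] for s in shared if s["mode"] != "CBC"]
    return {
        "shared_today": [s["name"] for s in shared],
        "shared_after_cbc_removal": non_cbc,
        "no_forward_secrecy": [s["name"] for s in shared if not s["forward_secrecy"]],
        # True when the client connects today but only through CBC suites.
        "needs_legacy_after_change": bool(shared) and not non_cbc,
    }

if __name__ == "__main__":
    # Constructed client: an older FTPS client that offers only CBC suites.
    legacy_client = ["TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
                     "TLS_RSA_WITH_3DES_EDE_CBC_SHA"]
    for key, value in audit_client(legacy_client).items():
        print(f"{key}: {value}")
```

Feed it the suite list your FTPS client actually offers (for example, taken from the client's TLS configuration) to see whether it depends on CBC.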

SFTP

SFTP does not use TLS or SSL at all, and instead implements its own encryption standards and cipher naming.

By default, Files.com supports the following security algorithms for SFTP:

Key Exchange algorithms:

curve25519-sha256
curve25519-sha256@libssh.org
curve448-sha512
diffie-hellman-group-exchange-sha256
diffie-hellman-group18-sha512
diffie-hellman-group17-sha512
diffie-hellman-group16-sha512
diffie-hellman-group15-sha512
diffie-hellman-group14-sha256

Server Host Key Algorithms:

ssh-rsa
rsa-sha2-256
rsa-sha2-512

Encryption algorithms:

chacha20-poly1305@openssh.com
aes128-ctr (a.k.a. AES-128 SDCTR [AES-NI accelerated])
aes192-ctr (a.k.a. AES-192 SDCTR [AES-NI accelerated])
aes256-ctr (a.k.a. AES-256 SDCTR [AES-NI accelerated])
aes128-gcm@openssh.com
aes256-gcm@openssh.com

MAC algorithms:

hmac-sha2-256
hmac-sha2-512
hmac-sha1
hmac-sha2-512-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha1-etm@openssh.com

Our choice of default ciphers, together with our other security capabilities, earns Files.com an A+ rating on the Qualys SSL grader.
