Ciphers

Ciphers, also known as cipher suitesExternal LinkThis link leads to an external website and will open in a new tab, refer to the encryption technology that is used under the hood for encrypting data as it is in transit to and from Files.com using SSL/TLS.

At Files.com we take security seriously and rely on industry best practices for choosing secure encryption technologies.

However, we also take seriously our commitment to compatibility and building a long term partnership with our customers to support their applications long into the future.

Although we only offer secure modern encryption by default, we also allow our customers to optionally enable legacy (old) ciphers. This setting enables outdated clients, systems, and devices to connect via older ciphers and protocols that are known to be insecure.

Whenever a cipher becomes vulnerable or compromised we remove it from the modern (default) option and designate it to only work with the legacy cipher option.

A Note About the Term SSL / TLS

TLS refers to a more modern standard that replaces the SSL standard. When either term is used without a specific version number (such as SSLv3 or TLSv1.2), the terms TLS and SSL are used interchangeably on our documentation and website.

Default Secure Ciphers

By default, Files.com requires use of TLS v1.2 for any SSL or TLS encrypted connection, including FTP and HTTP.

We do not currently allow TLS v1.3, force TLS v1.3, nor allow customers to limit connections to use only TLS v1.3. This is due to the current middlebox issues affecting TLS 1.3External LinkThis link leads to an external website and will open in a new tab, which cause sites to become unreachable whenever the connection passes through any middlebox which does not properly support TLS 1.3. Middleboxes include such devices as Firewall, Intrusion Detection System (IDS), Network Address Translator (NAT), WAN Optimizer, Load Balancer, and cellular networks.

HTTPS

Files.com supports the following TLS v1.2 cipher suites for HTTPS:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 4096)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 4096)
TLS_DHE_RSA_WITH_AES_256_CCM_8 (dh 4096)
TLS_DHE_RSA_WITH_AES_256_CCM (dh 4096)

FTPS

Files.com supports the following TLS v1.2 cipher suites for FTPS:

TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048)
TLS_RSA_WITH_AES_128_CBC_SHA (rsa 4096)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048)
TLS_RSA_WITH_AES_256_CBC_SHA (rsa 4096)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) 

In the future, we intend to discontinue CBC ciphers on FTPS in our default secure mode. When we do this, customers will be required to switch to our optional support for legacy insecure ciphers in order to continue to use CBC ciphers on FTPS. We are waiting to make this switch until there is more substantial support for GCM ciphers for FTPS in the MFT industry, but we expect that time to come soon.

SFTP

SFTP does not use TLS or SSL at all, and instead implements its own encryption standards and cipher naming.

By default, Files.com supports the following security algorithms for SFTP:

TypeAlgorithms
Key Exchange

curve25519-sha256

curve25519-sha256@libssh.org

curve448-sha512

diffie-hellman-group-exchange-sha256

diffie-hellman-group18-sha512

diffie-hellman-group17-sha512

diffie-hellman-group16-sha512

diffie-hellman-group15-sha512

diffie-hellman-group14-sha256

Server Host Key Algorithms

ssh-rsa

rsa-sha2-256

rsa-sha2-512

Encryption

chacha20-poly1305@openssh.com

aes128-ctr (a.k.a. AES-128 SDCTR [AES-NI accelerated])

aes192-ctr (a.k.a. AES-192 SDCTR [AES-NI accelerated])

aes256-ctr (a.k.a. AES-256 SDCTR [AES-NI accelerated])

aes128-gcm@openssh.com

aes256-gcm@openssh.com

MAC

hmac-sha2-256

hmac-sha2-512

hmac-sha1

hmac-sha2-512-etm@openssh.com

hmac-sha2-256-etm@openssh.com

hmac-sha1-etm@openssh.com

Our choice of default ciphers plus our other security capabilities earn Files.com an A+ Rating on the Qualys SSL graderExternal LinkThis link leads to an external website and will open in a new tab.

Get Instant Access to Files.com

The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.