<< Click to Display Table of Contents >> Navigation: Robo-FTP Server > Introducing Robo-FTP Server > Supported Encryption Technologies > SSL/TLS Encryption |
Robo-FTP Server supports the following versions of SSL/TLS when connecting with the FTPS or HTTPS protocols:
•SSL 3.0
•TLS 1.0
•TLS 1.1
•TLS 1.2 (most recent version of TLS as of 2017)
When Robo-FTP Server is running in "FIPS Mode" it will refuse incoming connections from clients that are unable to use strong encryption algorithms like those required by the Federal Information Processing Standards (FIPS) or the Payment Card industry. When FIPS Mode is enabled, only connections encrypted with 256 bit AES or Triple DES are allowed, and the client must connect with the most recent version of the TLS protocol (TLS v1.2).
FIPS Mode
Robo-FTP Server supports an optional FIPS Mode, under which the server will refuse incoming connections from clients that are unable to use strong encryption algorithms like those required by Federal Information Processing Standards or the Payment Card industry. When FIPS Mode is enabled, only connections encrypted with 256 bit AES or Triple DES are allowed.
Perfect Forward Secrecy
Without Perfect Forward Secrecy (PFS), if an adversary manages to compromise a server's private key, he will be able to decrypt any secure communications that were previously monitored and recorded by that adversary at any time in the past. Perfect Forward Secrecy is a property of certain modern ciphers which fully eliminates this risk through the use of additional, temporary keys that cannot be obtained by any eavesdropper. Robo-FTP Server supports Perfect Forward Secrecy by providing a large collection of PFS-enabled ciphers, including:
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA
DHE-RSA-AES128-SHA256
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA
DHE-RSA-AES256-SHA256
DHE-RSA-CAMELLIA128-SHA
DHE-RSA-CAMELLIA256-SHA
DHE-RSA-SEED-SHA
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-DES-CBC3-SHA
ECDHE-RSA-RC4-SHA
TLS Session Resumption
Robo-FTP Server supports TLS Session Resumption, which allows a client to reuse secret data computed during a previous TLS handshake for use in subsequent connections to the server. This reduces network and processing overhead on the server and also cuts down the average time needed for a client to establish a TLS connection. Robo-FTP Server offers a TLS Session lifetime of 30 minutes.
SSL/TLS Implementation
Robo-FTP Server's SSL implementation is OpenSSL 1.0.2, which is the most current version as of this writing. Implementation details of OpenSSL are beyond the scope of this document. Please visit openssl.org for any further details you might need.