<< Click to Display Table of Contents >> Navigation: Robo-FTP User's Guide > Appendix > Security > Supported Encryption Technologies > TLS/SSL Encryption |
Robo-FTP supports the following versions of SSL/TLS when connecting with the FTPS or HTTPS protocols:
•SSL 3.0
•TLS 1.0
•TLS 1.1
•TLS 1.2 (most recent version of TLS as of 2018)
Perfect Forward Secrecy
Without Perfect Forward Secrecy (PFS), if an adversary manages to compromise a server's private key, he will be able to decrypt any secure communications that were previously monitored and recorded by that adversary at any time in the past. Perfect Forward Secrecy is a property of certain modern ciphers which fully eliminates this risk through the use of additional, temporary keys that cannot be obtained by any eavesdropper. Robo-FTP supports Perfect Forward Secrecy by providing a large collection of PFS-enabled ciphers, including:
•DHE-RSA-AES128-GCM-SHA256
•DHE-RSA-AES128-SHA
•DHE-RSA-AES128-SHA256
•DHE-RSA-AES256-GCM-SHA384
•DHE-RSA-AES256-SHA
•DHE-RSA-AES256-SHA256
•DHE-RSA-CAMELLIA128-SHA
•DHE-RSA-CAMELLIA256-SHA
•DHE-RSA-SEED-SHA
•ECDHE-RSA-AES128-GCM-SHA256
•ECDHE-RSA-AES128-SHA
•ECDHE-RSA-AES128-SHA256
•ECDHE-RSA-AES256-GCM-SHA384
•ECDHE-RSA-AES256-SHA
•ECDHE-RSA-AES256-SHA384
•ECDHE-RSA-DES-CBC3-SHA
•ECDHE-RSA-RC4-SHA
Supported HMACs (hash-based message authentication code)
Robo-FTP includes support for several different HMAC algorithms. A particular HMAC may only be available for certain ciphers, and vice-versa. The complete list of HMAC algorithms is as follows:
•MD5
•SHA
•SHA256
•SHA384
Supported Ciphers
Robo-FTP includes support for all 106 separate ciphers provided by OpenSSL 1.1.1e for use with TLS. Each of these ciphers can be paired with a limited number of HMAC algorithms, making for a total of 130 cipher + HMAC combinations. The complete cipher list is as follows:
•ECDHE-RSA-AES256-GCM-SHA384
•ECDHE-ECDSA-AES256-GCM-SHA384
•ECDHE-RSA-AES256-SHA384
•ECDHE-ECDSA-AES256-SHA384
•ECDHE-RSA-AES256-SHA
•ECDHE-ECDSA-AES256-SHA
•SRP-DSS-AES-256-CBC-SHA
•SRP-RSA-AES-256-CBC-SHA
•SRP-AES-256-CBC-SHA
•DH-DSS-AES256-GCM-SHA384
•DHE-DSS-AES256-GCM-SHA384
•DH-RSA-AES256-GCM-SHA384
•DHE-RSA-AES256-GCM-SHA384
•DHE-RSA-AES256-SHA256
•DHE-DSS-AES256-SHA256
•DH-RSA-AES256-SHA256
•DH-DSS-AES256-SHA256
•DHE-RSA-AES256-SHA
•DHE-DSS-AES256-SHA
•DH-RSA-AES256-SHA
•DH-DSS-AES256-SHA
•DHE-RSA-CAMELLIA256-SHA
•DHE-DSS-CAMELLIA256-SHA
•DH-RSA-CAMELLIA256-SHA
•DH-DSS-CAMELLIA256-SHA
•AECDH-AES256-SHA
•ADH-AES256-GCM-SHA384
•ADH-AES256-SHA256
•ADH-AES256-SHA
•ADH-CAMELLIA256-SHA
•ECDH-RSA-AES256-GCM-SHA384
•ECDH-ECDSA-AES256-GCM-SHA384
•ECDH-RSA-AES256-SHA384
•ECDH-ECDSA-AES256-SHA384
•ECDH-RSA-AES256-SHA
•ECDH-ECDSA-AES256-SHA
•AES256-GCM-SHA384
•AES256-SHA256
•AES256-SHA
•CAMELLIA256-SHA
•PSK-AES256-CBC-SHA
•ECDHE-RSA-AES128-GCM-SHA256
•ECDHE-ECDSA-AES128-GCM-SHA256
•ECDHE-RSA-AES128-SHA256
•ECDHE-ECDSA-AES128-SHA256
•ECDHE-RSA-AES128-SHA
•ECDHE-ECDSA-AES128-SHA
•SRP-DSS-AES-128-CBC-SHA
•SRP-RSA-AES-128-CBC-SHA
•SRP-AES-128-CBC-SHA
•DH-DSS-AES128-GCM-SHA256
•DHE-DSS-AES128-GCM-SHA256
•DH-RSA-AES128-GCM-SHA256
•DHE-RSA-AES128-GCM-SHA256
•DHE-RSA-AES128-SHA256
•DHE-DSS-AES128-SHA256
•DH-RSA-AES128-SHA256
•DH-DSS-AES128-SHA256
•DHE-RSA-AES128-SHA
•DHE-DSS-AES128-SHA
•DH-RSA-AES128-SHA
•DH-DSS-AES128-SHA
•DHE-RSA-SEED-SHA
•DHE-DSS-SEED-SHA
•DH-RSA-SEED-SHA
•DH-DSS-SEED-SHA
•DHE-RSA-CAMELLIA128-SHA
•DHE-DSS-CAMELLIA128-SHA
•DH-RSA-CAMELLIA128-SHA
•DH-DSS-CAMELLIA128-SHA
•AECDH-AES128-SHA
•ADH-AES128-GCM-SHA256
•ADH-AES128-SHA256
•ADH-AES128-SHA
•ADH-SEED-SHA
•ADH-CAMELLIA128-SHA
•ECDH-RSA-AES128-GCM-SHA256
•ECDH-ECDSA-AES128-GCM-SHA256
•ECDH-RSA-AES128-SHA256
•ECDH-ECDSA-AES128-SHA256
•ECDH-RSA-AES128-SHA
•ECDH-ECDSA-AES128-SHA
•AES128-GCM-SHA256
•AES128-SHA256
•AES128-SHA
•SEED-SHA
•CAMELLIA128-SHA
•IDEA-CBC-SHA
•IDEA-CBC-MD5
•RC2-CBC-MD5
•PSK-AES128-CBC-SHA
•ECDHE-RSA-RC4-SHA
•ECDHE-ECDSA-RC4-SHA
•AECDH-RC4-SHA
•ADH-RC4-MD5
•ECDH-RSA-RC4-SHA
•ECDH-ECDSA-RC4-SHA
•RC4-SHA
•RC4-MD5
•RC4-MD5
•PSK-RC4-SHA
•ECDHE-RSA-DES-CBC3-SHA
•ECDHE-ECDSA-DES-CBC3-SHA
•SRP-DSS-3DES-EDE-CBC-SHA
•SRP-RSA-3DES-EDE-CBC-SHA
•SRP-3DES-EDE-CBC-SHA
•EDH-RSA-DES-CBC3-SHA
•EDH-DSS-DES-CBC3-SHA
•DH-RSA-DES-CBC3-SHA
•DH-DSS-DES-CBC3-SHA
•AECDH-DES-CBC3-SHA
•ADH-DES-CBC3-SHA
•ECDH-RSA-DES-CBC3-SHA
•ECDH-ECDSA-DES-CBC3-SHA
•DES-CBC3-SHA
•DES-CBC3-MD5
•PSK-3DES-EDE-CBC-SHA
•EDH-RSA-DES-CBC-SHA
•EDH-DSS-DES-CBC-SHA
•DH-RSA-DES-CBC-SHA
•DH-DSS-DES-CBC-SHA
•ADH-DES-CBC-SHA
•DES-CBC-SHA
•EXP-EDH-RSA-DES-CBC-SHA
•EXP-EDH-DSS-DES-CBC-SHA
•EXP-ADH-DES-CBC-SHA
•EXP-DES-CBC-SHA
•EXP-RC2-CBC-MD5
•EXP-ADH-RC4-MD5
•EXP-RC4-MD5
SSL/TLS Implementation
Robo-FTP's SSL/TLS implementation is OpenSSL 1.1.1e, which is the most current version as of this writing. Implementation details of OpenSSL are beyond the scope of this document. Please visit openssl.org for any further details you might need.
See also: Connecting to Secure Sites