TLS/SSL Encryption


Robo-FTP supports the following versions of SSL/TLS when connecting with the FTPS or HTTPS protocols:

SSL 3.0

TLS 1.0

TLS 1.1

TLS 1.2 (most recent version of TLS as of 2018)

Perfect Forward Secrecy

Without Perfect Forward Secrecy (PFS), an adversary who manages to compromise a server's private key will be able to decrypt any secure communications that the same adversary previously monitored and recorded, at any time in the past. Perfect Forward Secrecy is a property of certain modern ciphers that fully eliminates this risk through the use of additional, temporary keys that cannot be obtained by any eavesdropper. Robo-FTP supports Perfect Forward Secrecy by providing a large collection of PFS-enabled ciphers, including:

DHE-RSA-AES128-GCM-SHA256

DHE-RSA-AES128-SHA

DHE-RSA-AES128-SHA256

DHE-RSA-AES256-GCM-SHA384

DHE-RSA-AES256-SHA

DHE-RSA-AES256-SHA256

DHE-RSA-CAMELLIA128-SHA

DHE-RSA-CAMELLIA256-SHA

DHE-RSA-SEED-SHA

ECDHE-RSA-AES128-GCM-SHA256

ECDHE-RSA-AES128-SHA

ECDHE-RSA-AES128-SHA256

ECDHE-RSA-AES256-GCM-SHA384

ECDHE-RSA-AES256-SHA

ECDHE-RSA-AES256-SHA384

ECDHE-RSA-DES-CBC3-SHA

ECDHE-RSA-RC4-SHA

Supported HMACs (hash-based message authentication code)

Robo-FTP includes support for several different HMAC algorithms. A particular HMAC may only be available for certain ciphers, and vice versa. The complete list of HMAC algorithms is as follows:

MD5

SHA

SHA256

SHA384

Supported Ciphers

Robo-FTP includes support for all 106 separate ciphers provided by OpenSSL 1.1.1e for use with TLS. Each of these ciphers can be paired with a limited number of HMAC algorithms, making for a total of 130 cipher + HMAC combinations. The complete cipher list is as follows:

ECDHE-RSA-AES256-GCM-SHA384

ECDHE-ECDSA-AES256-GCM-SHA384

ECDHE-RSA-AES256-SHA384

ECDHE-ECDSA-AES256-SHA384

ECDHE-RSA-AES256-SHA

ECDHE-ECDSA-AES256-SHA

SRP-DSS-AES-256-CBC-SHA

SRP-RSA-AES-256-CBC-SHA

SRP-AES-256-CBC-SHA

DH-DSS-AES256-GCM-SHA384

DHE-DSS-AES256-GCM-SHA384

DH-RSA-AES256-GCM-SHA384

DHE-RSA-AES256-GCM-SHA384

DHE-RSA-AES256-SHA256

DHE-DSS-AES256-SHA256

DH-RSA-AES256-SHA256

DH-DSS-AES256-SHA256

DHE-RSA-AES256-SHA

DHE-DSS-AES256-SHA

DH-RSA-AES256-SHA

DH-DSS-AES256-SHA

DHE-RSA-CAMELLIA256-SHA

DHE-DSS-CAMELLIA256-SHA

DH-RSA-CAMELLIA256-SHA

DH-DSS-CAMELLIA256-SHA

AECDH-AES256-SHA

ADH-AES256-GCM-SHA384

ADH-AES256-SHA256

ADH-AES256-SHA

ADH-CAMELLIA256-SHA

ECDH-RSA-AES256-GCM-SHA384

ECDH-ECDSA-AES256-GCM-SHA384

ECDH-RSA-AES256-SHA384

ECDH-ECDSA-AES256-SHA384

ECDH-RSA-AES256-SHA

ECDH-ECDSA-AES256-SHA

AES256-GCM-SHA384

AES256-SHA256

AES256-SHA

CAMELLIA256-SHA

PSK-AES256-CBC-SHA

ECDHE-RSA-AES128-GCM-SHA256

ECDHE-ECDSA-AES128-GCM-SHA256

ECDHE-RSA-AES128-SHA256

ECDHE-ECDSA-AES128-SHA256

ECDHE-RSA-AES128-SHA

ECDHE-ECDSA-AES128-SHA

SRP-DSS-AES-128-CBC-SHA

SRP-RSA-AES-128-CBC-SHA

SRP-AES-128-CBC-SHA

DH-DSS-AES128-GCM-SHA256

DHE-DSS-AES128-GCM-SHA256

DH-RSA-AES128-GCM-SHA256

DHE-RSA-AES128-GCM-SHA256

DHE-RSA-AES128-SHA256

DHE-DSS-AES128-SHA256

DH-RSA-AES128-SHA256

DH-DSS-AES128-SHA256

DHE-RSA-AES128-SHA

DHE-DSS-AES128-SHA

DH-RSA-AES128-SHA

DH-DSS-AES128-SHA

DHE-RSA-SEED-SHA

DHE-DSS-SEED-SHA

DH-RSA-SEED-SHA

DH-DSS-SEED-SHA

DHE-RSA-CAMELLIA128-SHA

DHE-DSS-CAMELLIA128-SHA

DH-RSA-CAMELLIA128-SHA

DH-DSS-CAMELLIA128-SHA

AECDH-AES128-SHA

ADH-AES128-GCM-SHA256

ADH-AES128-SHA256

ADH-AES128-SHA

ADH-SEED-SHA

ADH-CAMELLIA128-SHA

ECDH-RSA-AES128-GCM-SHA256

ECDH-ECDSA-AES128-GCM-SHA256

ECDH-RSA-AES128-SHA256

ECDH-ECDSA-AES128-SHA256

ECDH-RSA-AES128-SHA

ECDH-ECDSA-AES128-SHA

AES128-GCM-SHA256

AES128-SHA256

AES128-SHA

SEED-SHA

CAMELLIA128-SHA

IDEA-CBC-SHA

IDEA-CBC-MD5

RC2-CBC-MD5

PSK-AES128-CBC-SHA

ECDHE-RSA-RC4-SHA

ECDHE-ECDSA-RC4-SHA

AECDH-RC4-SHA

ADH-RC4-MD5

ECDH-RSA-RC4-SHA

ECDH-ECDSA-RC4-SHA

RC4-SHA

RC4-MD5

RC4-MD5

PSK-RC4-SHA

ECDHE-RSA-DES-CBC3-SHA

ECDHE-ECDSA-DES-CBC3-SHA

SRP-DSS-3DES-EDE-CBC-SHA

SRP-RSA-3DES-EDE-CBC-SHA

SRP-3DES-EDE-CBC-SHA

EDH-RSA-DES-CBC3-SHA

EDH-DSS-DES-CBC3-SHA

DH-RSA-DES-CBC3-SHA

DH-DSS-DES-CBC3-SHA

AECDH-DES-CBC3-SHA

ADH-DES-CBC3-SHA

ECDH-RSA-DES-CBC3-SHA

ECDH-ECDSA-DES-CBC3-SHA

DES-CBC3-SHA

DES-CBC3-MD5

PSK-3DES-EDE-CBC-SHA

EDH-RSA-DES-CBC-SHA

EDH-DSS-DES-CBC-SHA

DH-RSA-DES-CBC-SHA

DH-DSS-DES-CBC-SHA

ADH-DES-CBC-SHA

DES-CBC-SHA

EXP-EDH-RSA-DES-CBC-SHA

EXP-EDH-DSS-DES-CBC-SHA

EXP-ADH-DES-CBC-SHA

EXP-DES-CBC-SHA

EXP-RC2-CBC-MD5

EXP-ADH-RC4-MD5

EXP-RC4-MD5
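
As an added example (not part of the Robo-FTP documentation or product code), this Python script classifies OpenSSL-style cipher names such as those listed above by key exchange, following the distinction drawn in the Perfect Forward Secrecy section, and flags names that indicate export-grade, anonymous, RC4, RC2, DES/3DES or MD5 components. The function names and warning labels are assumptions made for illustration.

```python
# Names copied from this page's PFS list (OpenSSL cipher-name syntax).
PAGE_PFS_LIST = """
DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES128-SHA256
DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-AES256-SHA256
DHE-RSA-CAMELLIA128-SHA DHE-RSA-CAMELLIA256-SHA DHE-RSA-SEED-SHA
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA384
ECDHE-RSA-DES-CBC3-SHA ECDHE-RSA-RC4-SHA
""".split()

EPHEMERAL = {"DHE", "EDH", "ECDHE"}  # EDH is the older OpenSSL spelling of DHE
ANONYMOUS = {"ADH", "AECDH"}         # ephemeral DH, but the server is not authenticated


def classify(name):
    """Return (key_exchange_class, warnings) for one OpenSSL cipher name."""
    tokens = name.split("-")
    warnings = []
    if tokens[0] == "EXP":           # export prefix comes before the key exchange
        warnings.append("export-grade")
        tokens = tokens[1:]
    if tokens[0] in EPHEMERAL:
        kx = "ephemeral"
    elif tokens[0] in ANONYMOUS:
        kx = "anonymous"
        warnings.append("no server authentication")
    else:
        kx = "other"                 # static RSA/DH/ECDH, PSK, SRP: not ephemeral (EC)DH by name
    if "RC4" in tokens:
        warnings.append("RC4")
    if "RC2" in tokens:
        warnings.append("RC2")
    if "CBC3" in tokens or "3DES" in tokens:
        warnings.append("3DES")
    elif "DES" in tokens:
        warnings.append("single DES")
    if tokens[-1] == "MD5":
        warnings.append("MD5 MAC")
    return kx, warnings


def preferred(names):
    """Keep only authenticated ephemeral suites that raise no warning."""
    return [n for n in names if classify(n) == ("ephemeral", [])]


if __name__ == "__main__":
    for n in PAGE_PFS_LIST + ["AES256-SHA", "ADH-RC4-MD5", "EXP-EDH-RSA-DES-CBC-SHA"]:
        print(f"{n:28} {classify(n)}")
    print(len(preferred(PAGE_PFS_LIST)), "of", len(PAGE_PFS_LIST), "PFS names raise no warning")
```

Every name in the page's PFS list classifies as ephemeral, but two of them (ECDHE-RSA-DES-CBC3-SHA and ECDHE-RSA-RC4-SHA) pair that key exchange with 3DES or RC4, so forward secrecy alone does not make a suite a good choice.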

 

 

SSL/TLS Implementation

Robo-FTP's SSL/TLS implementation is OpenSSL 1.1.1e, which is the most current version as of this writing. Implementation details of OpenSSL are beyond the scope of this document. Please visit openssl.org for any further details you might need.

See also: Connecting to Secure Sites