SSL/TLS Encryption

Robo-FTP Server supports the following versions of SSL/TLS when connecting with the FTPS or HTTPS protocols:

SSL 3.0

TLS 1.0

TLS 1.1

TLS 1.2 (most recent version of TLS as of 2017)

When Robo-FTP Server is running in "High Security Mode", it refuses incoming connections from clients that are unable to use strong encryption algorithms like those required by the Federal Information Processing Standards (FIPS) or the Payment Card Industry. When High Security Mode is enabled, only connections encrypted with 256-bit AES are allowed, and the client must connect with the most recent version of the TLS protocol (TLS v1.2).

High Security Mode

Robo-FTP Server supports an optional High Security Mode, under which the server refuses incoming connections from clients that are unable to use strong encryption algorithms like those required by the Federal Information Processing Standards or the Payment Card Industry. When High Security Mode is enabled, only connections encrypted with 256-bit AES are allowed, and only when secured with SHA256 or SHA384 HMACs.

Perfect Forward Secrecy

Without Perfect Forward Secrecy (PFS), an adversary who manages to compromise a server's private key can decrypt any secure communications that the adversary monitored and recorded at any time in the past. Perfect Forward Secrecy is a property of certain modern cipher suites that eliminates this risk through the use of additional, temporary (ephemeral) keys that cannot be obtained by any eavesdropper. Robo-FTP Server supports Perfect Forward Secrecy by providing a large collection of PFS-enabled ciphers, including:

 DHE-RSA-AES128-GCM-SHA256

 DHE-RSA-AES128-SHA

 DHE-RSA-AES128-SHA256

 DHE-RSA-AES256-GCM-SHA384

 DHE-RSA-AES256-SHA

 DHE-RSA-AES256-SHA256

 DHE-RSA-CAMELLIA128-SHA

 DHE-RSA-CAMELLIA256-SHA

 DHE-RSA-SEED-SHA

 ECDHE-RSA-AES128-GCM-SHA256

 ECDHE-RSA-AES128-SHA

 ECDHE-RSA-AES128-SHA256

 ECDHE-RSA-AES256-GCM-SHA384

 ECDHE-RSA-AES256-SHA

 ECDHE-RSA-AES256-SHA384

 ECDHE-RSA-DES-CBC3-SHA

 ECDHE-RSA-RC4-SHA
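
The following added example (not Robo-FTP Server code) parses the suite names listed above and sorts them by whether they also satisfy the High Security Mode rule stated earlier; reading that rule as "AES256 cipher plus a SHA256/SHA384 name suffix" is an assumption, as are all function names. It shows that forward secrecy describes only the key exchange: the RC4 and 3DES suites in the list have it but fail the High Security rule.

```python
# Constructed input: the PFS suite names exactly as listed on this page.
PFS_SUITES = """
DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES128-SHA256
DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA DHE-RSA-AES256-SHA256
DHE-RSA-CAMELLIA128-SHA DHE-RSA-CAMELLIA256-SHA DHE-RSA-SEED-SHA
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA384
ECDHE-RSA-DES-CBC3-SHA ECDHE-RSA-RC4-SHA
""".split()

# Ephemeral key exchange gives forward secrecy (EDH is OpenSSL's older DHE spelling).
EPHEMERAL_KX = {"DHE", "EDH", "ECDHE"}
STRONG_HASHES = {"SHA256", "SHA384"}  # hashes the page names for High Security Mode


def parse_suite(name):
    """Split a KX-AUTH-CIPHER-HASH name; shorter names are static-RSA suites."""
    parts = name.split("-")
    if len(parts) < 4:
        # e.g. AES256-SHA256: key exchange and authentication are both static RSA.
        return {"name": name, "kx": "RSA", "auth": "RSA",
                "cipher": "-".join(parts[:-1]), "hash": parts[-1]}
    return {"name": name, "kx": parts[0], "auth": parts[1],
            "cipher": "-".join(parts[2:-1]), "hash": parts[-1]}


def is_pfs(suite):
    return suite["kx"] in EPHEMERAL_KX


def meets_high_security(suite):
    """Assumed reading of the page's rule: AES-256 plus a SHA256/SHA384 suffix.
    In GCM suites that suffix is the TLS PRF hash; integrity comes from GCM itself."""
    return suite["cipher"].startswith("AES256") and suite["hash"] in STRONG_HASHES


def audit(names):
    """Bucket suite names by forward secrecy and the assumed High Security rule."""
    out = {"pfs_and_high_security": [], "pfs_only": [], "no_pfs": []}
    for suite in map(parse_suite, names):
        if not is_pfs(suite):
            out["no_pfs"].append(suite["name"])
        elif meets_high_security(suite):
            out["pfs_and_high_security"].append(suite["name"])
        else:
            out["pfs_only"].append(suite["name"])
    return out
```

The parser covers names of the form shown on this page and the short static-RSA form; other OpenSSL naming patterns (PSK or SRP suites, for example) are outside its scope.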

 

TLS Session Resumption

Robo-FTP Server supports TLS Session Resumption, which allows a client to reuse secret data computed during a previous TLS handshake for use in subsequent connections to the server. This reduces network and processing overhead on the server and also cuts down the average time needed for a client to establish a TLS connection. Robo-FTP Server offers a TLS Session lifetime of 30 minutes.

SSL/TLS Implementation

Robo-FTP Server's SSL implementation is OpenSSL 1.0.2, which is the most current version as of this writing. Implementation details of OpenSSL are beyond the scope of this document. Please visit openssl.org for any further details you might need.