Requiring Strong Encryption
When Robo-FTP Server is running in "High Security Mode" it will refuse incoming connections from clients that are unable to use strong encryption algorithms like those required by Federal Information Processing Standards or the Payment Card Industry. When High Security Mode is enabled, only connections encrypted with 256-bit AES are allowed.
To require High Security Mode on FTPS and HTTPS connections, open the Robo-FTP Server Console to the FTP Server menu and then mark the checkbox labeled "High Security FIPS Mode Encryption" on the SSL/TLS Options tab.
When High Security Mode is enabled for FTPS / HTTPS, only TLS version 1.2 will be offered. Note that this will prevent very old clients from being able to connect if they do not yet support TLS version 1.2. You will need to decide if you want to require higher security at the cost of preventing these older clients from connecting, or simply accept weaker encryption so that those older clients can continue to connect.
Under High Security Mode, only the following ciphers are available:
• ECDHE-ECDSA-AES256-GCM-SHA384
• ECDHE-RSA-AES256-GCM-SHA384
• DHE-DSS-AES256-GCM-SHA384
• DHE-RSA-AES256-GCM-SHA384
• ECDHE-ECDSA-AES256-SHA384
• ECDHE-RSA-AES256-SHA384
• DHE-RSA-AES256-SHA256
• DHE-DSS-AES256-SHA256
• AES256-GCM-SHA384
• AES256-SHA256
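The following added example (not part of the Robo-FTP documentation or product) classifies each suite on the list above by key exchange and cipher mode, and checks a negotiated protocol/cipher pair against the High Security Mode policy. The `probe` helper and port 990 are assumptions for illustration.

```python
import socket
import ssl

# Cipher names copied from the High Security Mode list on this page (OpenSSL naming).
HIGH_SECURITY_TLS = [
    "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384",
    "DHE-DSS-AES256-GCM-SHA384", "DHE-RSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-AES256-SHA384", "ECDHE-RSA-AES256-SHA384",
    "DHE-RSA-AES256-SHA256", "DHE-DSS-AES256-SHA256",
    "AES256-GCM-SHA384", "AES256-SHA256",
]

def describe(cipher):
    """Split an OpenSSL TLS 1.2 suite name into its security-relevant properties."""
    parts = cipher.split("-")
    # Names with no key-exchange prefix use static RSA key exchange (no forward secrecy).
    kx = parts[0] if parts[0] in ("ECDHE", "DHE") else "RSA"
    return {
        "key_exchange": kx,
        "forward_secrecy": kx in ("ECDHE", "DHE"),
        "mode": "GCM" if "GCM" in parts else "CBC",  # non-GCM suites here are CBC + HMAC
    }

def check_negotiated(version, cipher):
    """Return a list of policy violations for one negotiated session (empty = compliant)."""
    problems = []
    if version != "TLSv1.2":
        problems.append(f"protocol {version} is not TLSv1.2")
    if cipher not in HIGH_SECURITY_TLS:
        problems.append(f"cipher {cipher} is not on the High Security list")
    return problems

def probe(host, port=990, timeout=5.0):
    """Connect to an implicit-TLS listener and check what it negotiated.
    Port 990 is an assumption; use your own server's HTTPS or implicit FTPS port."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            version, cipher = tls.version(), tls.cipher()[0]
    return version, cipher, check_negotiated(version, cipher)

if __name__ == "__main__":
    for name in HIGH_SECURITY_TLS:
        print(name, describe(name))
```

A single handshake shows only the suite the server selected for this client; it does not by itself show that every suite outside the list is refused.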
To require High Security Mode on SFTP connections, open the Robo-FTP Server Console to the SFTP Server menu and then mark the checkbox labeled "High Security Mode Encryption" on the General Settings tab.
Under SFTP with High Security Mode, only the following ciphers are available:
• aes256-ctr
• aes192-ctr
• aes128-ctr