What is TLS?
Transport Layer Security (TLS) is a protocol for secure communication over the internet. It defines a method of establishing a connection to a server (such as a web server or FTP server) and verifying the authenticity of that server through the use of digital certificates and certificate authorities.
Why is it important for me to update to TLS v1.2 or higher?
TLS v1.0 (1999) and TLS v1.1 (2003) are out-of-date protocols that do not support modern cryptographic algorithms, and they contain security vulnerabilities that may be exploited by attackers. The vast majority of encrypted Internet traffic is now over either TLS v1.2 (2008) or TLS v1.3 (2018).
How do you know this affects me?
When your upload process connects to our FTP server, we log the version of TLS in use. We have identified log entries within the last 60 days belonging to your FTP user that connected with TLS v1.0.
How do I get started upgrading my version of TLS?
First, identify the method you use to connect to our server using FTPS. If you are running scripts or have compiled code, there is most likely an external library being included that provides the functionality for establishing the TLS connection. A typical solution in this case is to upgrade that library to a version that supports TLS v1.2 or v1.3. If your library already supports one of those versions, there is probably a missing setting in your code to enable their use.
If you are using a scripting language, such as Ruby or Python, you may need to upgrade the version of your interpreter or else recompile it using an upgraded version of your TLS library.
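The following Python example, added here and not part of the original article, covers the "missing setting" case: it reports which TLS versions the interpreter's linked TLS library supports and builds an `ftplib` client that refuses anything below TLS v1.2. It assumes explicit FTPS (AUTH TLS) on port 21; the host name and credentials are placeholders.

```python
import ssl
from ftplib import FTP_TLS


def tls_support_report():
    """Report what the TLS library linked into this interpreter can do."""
    return {
        "openssl": ssl.OPENSSL_VERSION,  # version string of the linked library
        "tls1_2": ssl.HAS_TLSv1_2,       # False means upgrade/recompile is needed
        "tls1_3": ssl.HAS_TLSv1_3,
    }


def make_ftps_context():
    """Client context that verifies the server certificate and
    refuses to negotiate anything older than TLS v1.2."""
    ctx = ssl.create_default_context()  # certificate and hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def negotiated_tls_version(host, user, password, port=21, timeout=30):
    """Log in over explicit FTPS and return the negotiated TLS version.

    Assumption: the server accepts AUTH TLS on the control port.
    Raises ssl.SSLError if the two sides cannot agree on TLS v1.2 or newer.
    """
    ftps = FTP_TLS(context=make_ftps_context(), timeout=timeout)
    ftps.connect(host, port)
    ftps.login(user, password)  # login() sends AUTH TLS before the credentials
    try:
        ftps.prot_p()               # encrypt the data channel as well
        return ftps.sock.version()  # for example "TLSv1.2" or "TLSv1.3"
    finally:
        ftps.quit()


if __name__ == "__main__":
    # Local check only; no network connection is made here.
    print(tls_support_report())
    # Placeholder values, replace with your own before running:
    # print(negotiated_tls_version("ftp.example.com", "USERNAME", "PASSWORD"))
```

If `tls1_2` is reported as `False`, no setting in your script will help; the interpreter or its TLS library has to be upgraded first.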
What if I am using an off-the-shelf FTP client?
Most major FTP clients that you can download "off-the-shelf", like FileZilla, WinSCP, Cyberduck, etc., have supported TLS v1.2 since around 2012-2013. If you are using pre-packaged software like this, upgrading your version of that software is the most likely path to upgrading your version of TLS. Please consult the documentation for that software or reach out to the authors of that software via their support channels for further information.
Which versions of OpenSSL should I upgrade to?
If you have determined that your code was compiled using OpenSSL, versions newer than 1.0.1 support TLS v1.2 and versions newer than 1.1.1 support TLSv1.3.
What is the upgrade process for .NET?
Earlier versions of Windows, such as Windows 7 and Windows Server 2012, did not enable TLS v1.2 by default. You may be able to enable TLS v1.2 and recompile your code, or you may need to upgrade your version of .NET or Windows. Here is a knowledge base article from Microsoft that may help you get started: https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls
What if I am running code using Java?
Recent versions of Java are most likely using TLSv1.2 and above by default, but if your code was compiled with Java 7, you may need to enable TLSv1.2 manually. There are many resources available online for assisting with this, but here is one example: https://www.baeldung.com/java-7-tls-v12