Disabling Old FTP Ciphers

Published on 11 Oct 2021

    ExaVault has always put security first and foremost. As we continually audit our processes and access to systems, we made the decision to remove support on a number of older security ciphers to best ensure connections being made to ExaVault maintain a security standard we can be confident in. 

    For over 99% of our customers, these changes should have no impact on your ability to access ExaVault. Web browsers and FTP client software will automatically select appropriate secure ciphers.

    Starting on November 5th, the following ciphers will no longer be supported; 

    TLS Ciphers:

    • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1)
    • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 2048)
    • TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048)
    • TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1)
    • TLS_RSA_WITH_RC4_128_SHA (rsa 2048)
    • TLS_RSA_WITH_RC4_128_MD5 (RSA 2048)

    SSH CBC Ciphers:

    • aes256-cbc
    • aes192-cbc
    • aes128-cbc
    • cast128-cbc
    • 3des-cbc
    • blowfish-cbc

    MAC Algorithm:

    • hmac-sha1
    • hmac-sha1-96
    • umac-64@openssh.com

    If you’re concerned that you have an older system that uses these outdated ciphers, you can reach out to us at support@exavault.com to request access to a test account on our staging servers so you can determine if you will be affected by the change.

    Recent Related Blogs

    Share via:
    • Facebook
    • Twitter
    • LinkedIn

    © 2021 ExaVault. All Rights Reserved. ExaVault is a registered trademark of ExaVault, Inc.