Disabling Old FTP Ciphers

Published on 11 Oct 2021 - Updated on 17 Nov 2021

UPDATE: Support for old ciphers was disabled November 16th, 2021.

*We previously stated that support would be disabled on Nov. 5th.

ExaVault has always put security first and foremost. As we continually audit our processes and access to systems, we made the decision to remove support on a number of older security ciphers to best ensure connections being made to ExaVault maintain a security standard we can be confident in. 

For over 99% of our customers, these changes should have no impact on your ability to access ExaVault. Web browsers and FTP client software will automatically select appropriate secure ciphers.

The following ciphers will no longer be supported; 

TLS Ciphers:

  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1)
  • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 2048)
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048)
  • TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1)
  • TLS_RSA_WITH_RC4_128_SHA (rsa 2048)
  • TLS_RSA_WITH_RC4_128_MD5 (RSA 2048)

SSH CBC Ciphers:

  • aes256-cbc
  • aes192-cbc
  • aes128-cbc
  • cast128-cbc
  • 3des-cbc
  • blowfish-cbc

MAC Algorithm:

  • hmac-sha1
  • hmac-sha1-96
  • umac-64@openssh.com

If you’re concerned that you have an older system that uses these outdated ciphers, you can reach out to us at support@exavault.com to request access to a test account on our staging servers so you can determine if you will be affected by the change.

Recent Related Blogs

Share via:
  • Facebook
  • Twitter
  • LinkedIn

© 2021 ExaVault. All Rights Reserved. ExaVault is a registered trademark of ExaVault, Inc.