Enforcing TLS 1.2 and TLS 1.3 and Strong Ciphers

Introduction

FileCloud can be configured to use stronger SSL Protocol (TLSv1.2 and 1.3 only) instead of the default protocols. This article shows how to configure FileCloud server and clients to make use of the TLSv1.2 and TLSv1.3 protocols.

Server Configuration

  1. In order to enable TLS 1.2 or TLS 1.3 , please edit the httpd configuration file.

    OSRemarks
    Windows

    Configuration file is located at XAMPPROOT\apache\conf\extra\httpd-ssl.conf

    For example, if you have installed xampp in c:\, then it will be C:\xampp\apache\conf\extra\http-ssl-conf

    Ubuntu

    /etc/apache2/sites-enabled/000-default.conf

    If you use a non-default site, please use appropriate configuration file.

  2. Locate the SSLCipherSuite key and change it to
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

  3. Locate the SSLProtocol key and change it to
    SSLProtocol -all +TLSv1.3 +TLSv1.2
  4. This is the highest level of security possible.