Enforcing TLS 1.2 and TLS 1.3 and Strong Ciphers

Introduction

FileCloud can be configured to use stronger SSL Protocol (TLSv1.2 and 1.3 only) instead of the default protocols. This article shows how to configure FileCloud server and clients to make use of the TLSv1.2 and TLSv1.3 protocols.

Server Configuration

1. In order to enable TLS 1.2 or TLS 1.3 , please edit the httpd configuration file.

   OS	Remarks
   Windows	Configuration file is located at XAMPPROOT\apache\conf\extra\httpd-ssl.conf For example, if you have installed xampp in c:\, then it will be C:\xampp\apache\conf\extra\http-ssl-conf
   Ubuntu	/etc/apache2/sites-enabled/000-default.conf If you use a non-default site, please use appropriate configuration file.

2. Locate the SSLCipherSuite key and change it to
   SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

3. Locate the SSLProtocol key and change it to
   SSLProtocol -all +TLSv1.3 +TLSv1.2
4. This is the highest level of security possible.