Ensure you are using the latest Cerberus FTP Server release, as the following steps and recommendations apply only to the most recent official release.
Perfect Forward Secrecy (PFS) is a crucial security feature that enhances the confidentiality of communications by ensuring that a compromise of a server's private key does not compromise past session keys. Implementing robust support for Perfect Forward Secrecy is essential for modern web browsers and FTPS clients to uphold the highest standards of security.
To enable robust support for Perfect Forward Secrecy (PFS), it is essential to configure an SSL cipher string that carefully selects and prioritizes the appropriate key exchange suites.
Access and modify the SSL cipher string on the Security > Advanced TLS page within the Server Manager.
On that page, under Advanced TLS Security Settings, go to the 'Security Profiles' drop down and select 'Perfect Forward Secrecy, 256-bit min, favor GCM, no RC4, no MD5':
Press 'Update' on the page to save. There should be no need to restart the Cerberus service for this to take effect.
Comments
0 comments
Please sign in to leave a comment.