TLSv1.2: New Default for FileCatalyst Products
Posted by Aly Essa, Last modified by Aly Essa on 16 April 2020 08:17 AM

Overview

At FileCatalyst we are moving towards hardening the security in our software out of the box. These new defaults will be available in the FileCatalyst Server (fcconf.conf), TransferAgent (fcta.conf), Central (maconfig.conf) and HotFolder (fchf.conf) configuration files.


What does this mean for your clients and deployed FileCatalyst Servers?

Any software that is upgraded to v3.8, and the old configuration file is used in the upgrade, the transports layer settings will be reset. They will be replaced with the new defaults found in v3.8. These defaults will be present after fresh installations as well.

For example, in the HotFolder, the default configuration for v3.7.3 would look like:

## SSL settings
FC.hotfolder.config.deployment.security.defaultTransport=TLSv1
FC.hotfolder.config.deployment.security.SSLv2Hello=true
FC.hotfolder.config.deployment.security.SSLv3=false
FC.hotfolder.config.deployment.security.TLSv1=true
FC.hotfolder.config.deployment.security.TLSv1.1=false
FC.hotfolder.config.deployment.security.TLSv1.2=false

These will now be changed to:

## SSL settings
FC.hotfolder.config.deployment.security.defaultTransport=TLSv1.2
FC.hotfolder.config.deployment.security.SSLv2Hello=true
FC.hotfolder.config.deployment.security.SSLv3=false
FC.hotfolder.config.deployment.security.TLSv1=true
FC.hotfolder.config.deployment.security.TLSv1.1=true
FC.hotfolder.config.deployment.security.TLSv1.2=true


Other changes that will be seen are:

  • Older Oracle Java Cipher examples will be removed and updated.
  • If Ciphers were configured they will be reset and need to be re-added. An alert will be displayed in the UI.

Environment

FileCatalyst TransferAgent v3.8

FileCatalyst TransferAgent Express v3.8
FileCatalyst HotFolder v3.8
FileCatalyst Server v3.8
FileCatalyst Central v3.8