files.com 1.1.48 → 1.1.50

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 272dc209ad35385cdc17ee8e7bc7b11b7cf8e17b1d2e477d0803a3b240e054ae
-  data.tar.gz: f84431a25829db447b0a85b9ddcde55c502c76520155876bd6129b348e0948f6
+  metadata.gz: 8685c86117c177940d15ba87bb040d3ab26cce61e2c022645bdb367b69f87c3c
+  data.tar.gz: 68c508f0f9249b62a8aac746ebb9e3d2e5d5f2de557d61bf31354384d708f05f
 SHA512:
-  metadata.gz: f89da0c6739c65a0e9ea1184d156891d44c44e4cbc680673b5e73799293e9bd85ec5a415aaf59e9f5489e76d04da3ea49755c03122ffdd624a6271b67c8cb04b
-  data.tar.gz: 63a912c08fdd8d34f3701a3cca4438ee67eecf423ee63a32b7a1448c99ff38828198980046b280282b849d40f12bab2ecf3a9f98a81dc1dc9db94d04d41c0553
+  metadata.gz: 4722aeca1830c51919a686b51e9f3faea61952e3759d304cff5bac55cbfe1ef13bd7a94e31de90ffe1416a3f2f7e48366b9b94a39b54c2be2db1ac742185862b
+  data.tar.gz: 9f7110418f121a3f9b773bf3787efe1310768b4c23e33afee889bd94f1ed06d7b42d052efed1934203c384b44726e62f80b82948b30c364bbc51d2134a8c6931

data/_VERSION

@@ -1 +1 @@
-1.1.48
+1.1.50

data/docs/as2_partner.md

@@ -26,7 +26,7 @@
 * `name` (string): The partner's formal AS2 name.
 * `uri` (string): Public URI for sending AS2 message to.
 * `server_certificate` (string): Remote server certificate security setting
-* `mdn_validation_level` (string): MDN Validation Level
+* `mdn_validation_level` (string): MDN Validation Level controls how to evaluate message transfer success based on a partner's MDN response. NOTE: This setting does not affect MDN storage; all MDNs received from a partner are always stored. `none`: MDN is stored for informational purposes only, a successful HTTPS transfer is a successful AS2 transfer. `weak`: Inspect the MDN for MIC and Disposition only. `normal`: `weak` plus validate MDN signature matches body, `strict`: `normal` but do not allow signatures from self-signed or incorrectly purposed certificates.
 * `enable_dedicated_ips` (boolean): `true` if remote server only accepts connections from dedicated IPs
 * `hex_public_certificate_serial` (string): Serial of public certificate used for message security in hex format.
 * `public_certificate_md5` (string): MD5 hash of public certificate used for message security.

data/docs/site.md

@@ -169,6 +169,7 @@
   "sftp_host_key_type": "default",
   "active_sftp_host_key_id": 1,
   "sftp_insecure_ciphers": true,
+  "sftp_insecure_diffie_hellman": true,
   "sftp_user_root_enabled": true,
   "sharing_enabled": true,
   "show_request_access_link": true,
@@ -391,7 +392,8 @@
 * `sftp_enabled` (boolean): Is SFTP enabled?
 * `sftp_host_key_type` (string): Sftp Host Key Type
 * `active_sftp_host_key_id` (int64): Id of the currently selected custom SFTP Host Key
-* `sftp_insecure_ciphers` (boolean): Are Insecure Ciphers allowed for SFTP?  Note:  Setting TLS Disabled -> True will always allow insecure ciphers for SFTP as well.  Enabling this is insecure.
+* `sftp_insecure_ciphers` (boolean): If true, we will allow weak and known insecure ciphers to be used for SFTP connections.  Enabling this setting severly weakens the security of your site and it is not recommend, except as a last resort for compatibility.
+* `sftp_insecure_diffie_hellman` (boolean): If true, we will allow weak Diffie Hellman parameters to be used within ciphers for SFTP that are otherwise on our secure list.  This has the effect of making the cipher weaker than our normal threshold for security, but is required to support certain legacy or broken SSH and MFT clients.  Enabling this weakens security, but not nearly as much as enabling the full `sftp_insecure_ciphers` option.
 * `sftp_user_root_enabled` (boolean): Use user FTP roots also for SFTP?
 * `sharing_enabled` (boolean): Allow bundle creation
 * `show_request_access_link` (boolean): Show request access link for users without access?  Currently unused.
@@ -407,7 +409,7 @@
 * `ssl_required` (boolean): Is SSL required?  Disabling this is insecure.
 * `subdomain` (string): Site subdomain
 * `switch_to_plan_date` (date-time): If switching plans, when does the new plan take effect?
-* `tls_disabled` (boolean): Are Insecure TLS and SFTP Ciphers allowed?  Enabling this is insecure.
+* `tls_disabled` (boolean): DO NOT ENABLE. This setting allows TLSv1.0 and TLSv1.1 to be used on your site.  We intend to remove this capability entirely in early 2024.  If set, the `sftp_insecure_ciphers` flag will be automatically set to true.
 * `trial_days_left` (int64): Number of days left in trial
 * `trial_until` (date-time): When does this Site trial expire?
 * `use_provided_modified_at` (boolean): Allow uploaders to set `provided_modified_at` for uploaded files?
@@ -490,6 +492,7 @@ Files::Site.update(
   ssl_required: true, 
   tls_disabled: true, 
   sftp_insecure_ciphers: true, 
+  sftp_insecure_diffie_hellman: true, 
   disable_files_certificate_generation: true, 
   user_lockout: true, 
   user_lockout_tries: 1, 
@@ -633,8 +636,9 @@ Files::Site.update(
 * `left_navigation_visibility` (object): Visibility settings for account navigation
 * `session_expiry` (double): Session expiry in hours
 * `ssl_required` (boolean): Is SSL required?  Disabling this is insecure.
-* `tls_disabled` (boolean): Are Insecure TLS and SFTP Ciphers allowed?  Enabling this is insecure.
-* `sftp_insecure_ciphers` (boolean): Are Insecure Ciphers allowed for SFTP?  Note:  Setting TLS Disabled -> True will always allow insecure ciphers for SFTP as well.  Enabling this is insecure.
+* `tls_disabled` (boolean): DO NOT ENABLE. This setting allows TLSv1.0 and TLSv1.1 to be used on your site.  We intend to remove this capability entirely in early 2024.  If set, the `sftp_insecure_ciphers` flag will be automatically set to true.
+* `sftp_insecure_ciphers` (boolean): If true, we will allow weak and known insecure ciphers to be used for SFTP connections.  Enabling this setting severly weakens the security of your site and it is not recommend, except as a last resort for compatibility.
+* `sftp_insecure_diffie_hellman` (boolean): If true, we will allow weak Diffie Hellman parameters to be used within ciphers for SFTP that are otherwise on our secure list.  This has the effect of making the cipher weaker than our normal threshold for security, but is required to support certain legacy or broken SSH and MFT clients.  Enabling this weakens security, but not nearly as much as enabling the full `sftp_insecure_ciphers` option.
 * `disable_files_certificate_generation` (boolean): If set, Files.com will not set the CAA records required to generate future SSL certificates for this domain.
 * `user_lockout` (boolean): Will users be locked out after incorrect login attempts?
 * `user_lockout_tries` (int64): Number of login tries within `user_lockout_within` hours before users are locked out

data/lib/files.com/models/as2_partner.rb

@@ -54,7 +54,7 @@ module Files
       @attributes[:server_certificate] = value
     end
 
-    # string - MDN Validation Level
+    # string - MDN Validation Level controls how to evaluate message transfer success based on a partner's MDN response. NOTE: This setting does not affect MDN storage; all MDNs received from a partner are always stored. `none`: MDN is stored for informational purposes only, a successful HTTPS transfer is a successful AS2 transfer. `weak`: Inspect the MDN for MIC and Disposition only. `normal`: `weak` plus validate MDN signature matches body, `strict`: `normal` but do not allow signatures from self-signed or incorrectly purposed certificates.
     def mdn_validation_level
       @attributes[:mdn_validation_level]
     end

data/lib/files.com/models/site.rb

@@ -599,11 +599,16 @@ module Files
       @attributes[:active_sftp_host_key_id]
     end
 
-    # boolean - Are Insecure Ciphers allowed for SFTP?  Note:  Setting TLS Disabled -> True will always allow insecure ciphers for SFTP as well.  Enabling this is insecure.
+    # boolean - If true, we will allow weak and known insecure ciphers to be used for SFTP connections.  Enabling this setting severly weakens the security of your site and it is not recommend, except as a last resort for compatibility.
     def sftp_insecure_ciphers
       @attributes[:sftp_insecure_ciphers]
     end
 
+    # boolean - If true, we will allow weak Diffie Hellman parameters to be used within ciphers for SFTP that are otherwise on our secure list.  This has the effect of making the cipher weaker than our normal threshold for security, but is required to support certain legacy or broken SSH and MFT clients.  Enabling this weakens security, but not nearly as much as enabling the full `sftp_insecure_ciphers` option.
+    def sftp_insecure_diffie_hellman
+      @attributes[:sftp_insecure_diffie_hellman]
+    end
+
     # boolean - Use user FTP roots also for SFTP?
     def sftp_user_root_enabled
       @attributes[:sftp_user_root_enabled]
@@ -679,7 +684,7 @@ module Files
       @attributes[:switch_to_plan_date]
     end
 
-    # boolean - Are Insecure TLS and SFTP Ciphers allowed?  Enabling this is insecure.
+    # boolean - DO NOT ENABLE. This setting allows TLSv1.0 and TLSv1.1 to be used on your site.  We intend to remove this capability entirely in early 2024.  If set, the `sftp_insecure_ciphers` flag will be automatically set to true.
     def tls_disabled
       @attributes[:tls_disabled]
     end
@@ -830,8 +835,9 @@ module Files
     #   left_navigation_visibility - object - Visibility settings for account navigation
     #   session_expiry - double - Session expiry in hours
     #   ssl_required - boolean - Is SSL required?  Disabling this is insecure.
-    #   tls_disabled - boolean - Are Insecure TLS and SFTP Ciphers allowed?  Enabling this is insecure.
-    #   sftp_insecure_ciphers - boolean - Are Insecure Ciphers allowed for SFTP?  Note:  Setting TLS Disabled -> True will always allow insecure ciphers for SFTP as well.  Enabling this is insecure.
+    #   tls_disabled - boolean - DO NOT ENABLE. This setting allows TLSv1.0 and TLSv1.1 to be used on your site.  We intend to remove this capability entirely in early 2024.  If set, the `sftp_insecure_ciphers` flag will be automatically set to true.
+    #   sftp_insecure_ciphers - boolean - If true, we will allow weak and known insecure ciphers to be used for SFTP connections.  Enabling this setting severly weakens the security of your site and it is not recommend, except as a last resort for compatibility.
+    #   sftp_insecure_diffie_hellman - boolean - If true, we will allow weak Diffie Hellman parameters to be used within ciphers for SFTP that are otherwise on our secure list.  This has the effect of making the cipher weaker than our normal threshold for security, but is required to support certain legacy or broken SSH and MFT clients.  Enabling this weakens security, but not nearly as much as enabling the full `sftp_insecure_ciphers` option.
     #   disable_files_certificate_generation - boolean - If set, Files.com will not set the CAA records required to generate future SSL certificates for this domain.
     #   user_lockout - boolean - Will users be locked out after incorrect login attempts?
     #   user_lockout_tries - int64 - Number of login tries within `user_lockout_within` hours before users are locked out

data/lib/files.com/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Files
-  VERSION = "1.1.48"
+  VERSION = "1.1.50"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: files.com
 version: !ruby/object:Gem::Version
-  version: 1.1.48
+  version: 1.1.50
 platform: ruby
 authors:
 - files.com
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-04-22 00:00:00.000000000 Z
+date: 2024-04-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable