Citrix ShareFile TLS Deprecation/Upgrade Guidance

This article was last updated on July 2, 2020 – Please visit this page often for the latest information.

NOTE:

ShareFile tool users must update to supported versions by June 30, 2020.

Please identify and then upgrade any outdated tool versions you may be using.

TLS Deprecation Information

Citrix ShareFile operations has disabled Transport Layer Security (TLS) v1.0 and v1.1 on June 30, 2020. This will prevent customers still using TLS v1.0 and v1.1 from accessing some of their services. To prevent any disruption, action is required before June 30, 2020.

Citrix ShareFile supports security best practices including our Transport Layer Security (TLS) implementation for the various components. There are no known security vulnerabilities in our implementation as of the date of this article. However, we understand that security is very important, and in some cases, customers will need to update their TLS implementation, particularly disabling TLS v1.0 and/or v1.1 to meet security best practices and compliance.

This article will describe how customers can leverage Citrix ShareFile components that support TLS v1.2 and specific dependencies on web browsers, mobile platforms, and development environment for API and SDK consumers.

What is TLS?

TLS stands for “Transport Layer Security.” It is a protocol that provides privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today replacing Secure Socket Layer (SSL), and is used for web browsers and other applications that require data to be securely exchanged over a network. TLS ensures that a connection to a remote endpoint reaches the intended endpoint through endpoint identity verification, and encryption. The versions of TLS, to date, are TLS 1.3, 1.2, 1.1 and 1.0.

TLS v1.0, when not configured correctly, can be vulnerable to well-known attacks such POODLETLS,CRIMEand DROWN.

Read more about TLS vulnerabilities here:

https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/

https://www.ssllabs.com/ssl-pulse/

Citrix ShareFile is not vulnerable to the known attacks described above provided that the TLS implementation is current. For specific technical details on current supported levels, see:

SSL Labs Test Result for ShareFile

What do I have to do?

Customers must upgrade their applications to a version that supports TLS v1.2 or later. Otherwise, customers can experience disruption or lose access to the service. For customers that have updated their environment to allow only TLS v1.2 and later the following information can help determine the minimum versions of various components to support the environment. Any version earlier than the listed TLS 1.2 supported versions, in the table below, will experience disruption after TLS 1.0 and 1.1 is disabled.

1) Citrix Files: Clients and Apps

To identify the specific version of the clients, the following can be used in general:

  1. Windows – Navigate to ‘Add or Remove Programs’ and click the Citrix Files or ShareFile application to see which version is installed.
  2. macOS- In the applications folder, find the Citrix Files / ShareFile application, right click and select ‘Get Info.’ There will be a line entry for ‘Version:’

Specific methods for each client is also listed below

Clients or App TLS 1.2 Supported Versions Latest Downloads Client Version Identification Instructions / User Guide Links
Citrix Files for Windows 4.X and later Latest release: Citrix Files for Windows Left-click on the ShareFile logo in the System Tray to open the Dashboard. Select ‘Help’ from the dashboard. The version number appears at the top of the help page. Install and Use Citrix Files for Windows
Citrix Files for Mac 4.X and later Latest release: Citrix Files for Mac Left-click on the ShareFile logo in the System Tray to open the Dashboard. Select ‘Help’ from the dashboard. The version number appears at the top of the help page. Install and Use Citrix Files for Mac
Citrix Files for Outlook 6.X and later Latest release: Citrix Files for Outlook Select ‘Help’ from the Citrix Files for Outlook ‘Options’ menu. The version number appears at the top of the help page. Citrix Files for Outlook User Guide
ShareFile Sync for Windows 3.19 and later Latest release: ShareFile Sync for Windows Select ‘Preferences’ from the dashboard. In the Preferences UI, select ‘About.’ The version number appears on the left side.
ShareFile Sync for Mac 3.0 and later Latest release: ShareFile Sync for Mac Select ‘Preferences’ from the Dashboard. In the Preferences UI, select ‘About.’ The version number appears on the left side.
ShareFile Drive Mapper Dependent on .NET Framework v4.6.2 and later ShareFile drive mapper users should upgrade to Citrix Files for Windows. Right-click the Drive Mapper tray icon, select ‘Settings.’ In the Settings UI select ‘About.’ The version number appears in the center of the UI. ShareFile drive mapper users should upgrade to Citrix Files for Windows.
Print to ShareFile 2.8.97 and later Software details here Select the ‘Help’ icon (?) in the upper right hand corner of the app. On the top right hand side you will see the version number.
ShareFile Desktop App for Windows 1.18 and later Software details here Select the ‘Help’ icon (?) in the upper right hand corner of the app. The version number appears on the top right.
ShareFile Desktop App for Mac N/A Product End of Life (EOL) Try Citrix Files for Mac N/A

2) Citrix Files for Mobile Apps

Mobile Apps TLS 1.2 Supported OS Platforms App Download Location
Citrix Files for Android Android 5 and later Google Play App
Citrix Files for iOS iOS 10 and later

iOS App Store

Note: Only accessible from iOS devices.

3) ShareFile Storage Zones Controller and Tools

Components TLS 1.2 Supported Versions Additional Notes
Storage zones controller 5.3.1 and later
To identify the version of Storage zones controller, please login to ShareFile account > Settings > Admin > StorageZones > check each zone to see the installed version for each controller server.

Latest releaseSign In to access restricted downloads

Configuration guidance with Citrix ADC (NetScaler)

To identify the version of storage zone Controller’s version see this article.

Upgrade guide here.

User Management Tool (UMT) 1.8.1 and later for non policy based administration (PBA) accounts

1.12 and later for PBA accounts

Software details here
ShareFile Data Migration Tool 3.2 and later Software details here
ShareFile Command Line Interface (SFCLI) N/A SFCLI must be updated with PowerShell SDK. More details can be found here.
ShareFile V1 API N/A ShareFIle V1 API must be updated with V3 API. The migration guide can be found here.
Enterprise Sync N/A Product End of Life (EOL) Details here.

4) Supported Browsers

Browsers Supported Versions Additional Notes
Chrome Latest version Latest release here
Edge Latest version Latest release here
Firefox Latest version Latest release here
Internet Explorer Latest version Latest release here
Safari Latest version Latest release here

You can use the following resource to check your browser or device compatibility:

Browser and Device test

5) ShareFile API and SDK

ShareFile API negotiates for the latest supported version of TLS, starting with v1.2 before trying earlier versions. This prevents deliberate downgrade if a later TLS version is supported.

To support TLS v1.2, ShareFile SDKs require .NET Framework 4.6.2 and later. The latest .NET Framework can be downloaded

here.

FAQs

When will ShareFile disable TLS v1.0 and TLS v 1.1?

TLS v1.0 and v1.1 will be disabled on June 30, 2020.

Is ShareFile vulnerable to known TLS vulnerabilities?

As of this writing, there are no known vulnerabilities. This can be independently verified through SSL Labs. You can use your subdomain (eg. company.sharefile.com) to be tested with SSL Labs: https://www.ssllabs.com/ssltest/index.html

What should customers do to avoid TLS v1.0 and TLS v1.1 implementation when using ShareFile?

Use the reference above on ShareFile components and related dependencies (like .NET Framework 4.6.2 and later) that support TLS v1.2 by default. Upgrade the relevant components and prepare the environment to be ready when TLS v1.0 and v1.1 are disabled.

How do I know what clients my employee users are using?

Unfortunately, unless an administrator is deploying applications to end users, it is best to verify the version directly on the installed client. Please see the “Identify Version” column in the ShareFile Applications table above on how to do this.

Why am I getting these notifications again after upgrading?

Some administrators may get multiple notifications because it is likely some users on the account are still using outdated tool versions. Please verify all employees have upgraded and are aware of the TLS deprecation deadline.

Related:

  • No Related Posts

Leave a Reply