This article was last updated on July 2, 2020 – Please visit this page often for the latest information.
Please identify and then upgrade any outdated tool versions you may be using.
Citrix ShareFile operations has disabled Transport Layer Security (TLS) v1.0 and v1.1 on June 30, 2020. This will prevent customers still using TLS v1.0 and v1.1 from accessing some of their services. To prevent any disruption, action is required before June 30, 2020.
Citrix ShareFile supports security best practices including our Transport Layer Security (TLS) implementation for the various components. There are no known security vulnerabilities in our implementation as of the date of this article. However, we understand that security is very important, and in some cases, customers will need to update their TLS implementation, particularly disabling TLS v1.0 and/or v1.1 to meet security best practices and compliance.
This article will describe how customers can leverage Citrix ShareFile components that support TLS v1.2 and specific dependencies on web browsers, mobile platforms, and development environment for API and SDK consumers.
TLS stands for “Transport Layer Security.” It is a protocol that provides privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today replacing Secure Socket Layer (SSL), and is used for web browsers and other applications that require data to be securely exchanged over a network. TLS ensures that a connection to a remote endpoint reaches the intended endpoint through endpoint identity verification, and encryption. The versions of TLS, to date, are TLS 1.3, 1.2, 1.1 and 1.0.
Read more about TLS vulnerabilities here:
Citrix ShareFile is not vulnerable to the known attacks described above provided that the TLS implementation is current. For specific technical details on current supported levels, see:
SSL Labs Test Result for ShareFile
Customers must upgrade their applications to a version that supports TLS v1.2 or later. Otherwise, customers can experience disruption or lose access to the service. For customers that have updated their environment to allow only TLS v1.2 and later the following information can help determine the minimum versions of various components to support the environment. Any version earlier than the listed TLS 1.2 supported versions, in the table below, will experience disruption after TLS 1.0 and 1.1 is disabled.
To identify the specific version of the clients, the following can be used in general:
- Windows – Navigate to ‘Add or Remove Programs’ and click the Citrix Files or ShareFile application to see which version is installed.
- macOS- In the applications folder, find the Citrix Files / ShareFile application, right click and select ‘Get Info.’ There will be a line entry for ‘Version:’
Specific methods for each client is also listed below
|Clients or App||TLS 1.2 Supported Versions||Latest Downloads||Client Version Identification||Instructions / User Guide Links|
|Citrix Files for Windows||4.X and later||Latest release: Citrix Files for Windows||Left-click on the ShareFile logo in the System Tray to open the Dashboard. Select ‘Help’ from the dashboard. The version number appears at the top of the help page.||Install and Use Citrix Files for Windows|
|Citrix Files for Mac||4.X and later||Latest release: Citrix Files for Mac||Left-click on the ShareFile logo in the System Tray to open the Dashboard. Select ‘Help’ from the dashboard. The version number appears at the top of the help page.||Install and Use Citrix Files for Mac|
|Citrix Files for Outlook||6.X and later||Latest release: Citrix Files for Outlook||Select ‘Help’ from the Citrix Files for Outlook ‘Options’ menu. The version number appears at the top of the help page.||Citrix Files for Outlook User Guide|
|ShareFile Sync for Windows||3.19 and later||Latest release: ShareFile Sync for Windows||Select ‘Preferences’ from the dashboard. In the Preferences UI, select ‘About.’ The version number appears on the left side.|
|ShareFile Sync for Mac||3.0 and later||Latest release: ShareFile Sync for Mac||Select ‘Preferences’ from the Dashboard. In the Preferences UI, select ‘About.’ The version number appears on the left side.|
|ShareFile Drive Mapper||Dependent on .NET Framework v4.6.2 and later||ShareFile drive mapper users should upgrade to Citrix Files for Windows.||Right-click the Drive Mapper tray icon, select ‘Settings.’ In the Settings UI select ‘About.’ The version number appears in the center of the UI.||ShareFile drive mapper users should upgrade to Citrix Files for Windows.|
|Print to ShareFile||2.8.97 and later||Software details here||Select the ‘Help’ icon (?) in the upper right hand corner of the app. On the top right hand side you will see the version number.|
|ShareFile Desktop App for Windows||1.18 and later||Software details here||Select the ‘Help’ icon (?) in the upper right hand corner of the app. The version number appears on the top right.|
|ShareFile Desktop App for Mac||N/A Product End of Life (EOL)||Try Citrix Files for Mac||N/A|
|Mobile Apps||TLS 1.2 Supported OS Platforms||App Download Location|
|Citrix Files for Android||Android 5 and later||Google Play App|
|Citrix Files for iOS||iOS 10 and later||
Note: Only accessible from iOS devices.
|Components||TLS 1.2 Supported Versions||Additional Notes|
|Storage zones controller||5.3.1 and later
||To identify the version of Storage zones controller, please login to ShareFile account > Settings > Admin > StorageZones > check each zone to see the installed version for each controller server.
Latest releaseSign In to access restricted downloads
Configuration guidance with Citrix ADC (NetScaler)
To identify the version of storage zone Controller’s version see this article.
Upgrade guide here.
|User Management Tool (UMT)||1.8.1 and later for non policy based administration (PBA) accounts
1.12 and later for PBA accounts
|Software details here|
|ShareFile Data Migration Tool||3.2 and later||Software details here|
|ShareFile Command Line Interface (SFCLI)||N/A||SFCLI must be updated with PowerShell SDK. More details can be found here.|
|ShareFile V1 API||N/A||ShareFIle V1 API must be updated with V3 API. The migration guide can be found here.|
|Enterprise Sync||N/A Product End of Life (EOL)||Details here.|
|Browsers||Supported Versions||Additional Notes|
|Chrome||Latest version||Latest release here|
|Edge||Latest version||Latest release here|
|Firefox||Latest version||Latest release here|
|Internet Explorer||Latest version||Latest release here|
|Safari||Latest version||Latest release here|
You can use the following resource to check your browser or device compatibility:
Browser and Device test
5) ShareFile API and SDK
ShareFile API negotiates for the latest supported version of TLS, starting with v1.2 before trying earlier versions. This prevents deliberate downgrade if a later TLS version is supported.
To support TLS v1.2, ShareFile SDKs require .NET Framework 4.6.2 and later. The latest .NET Framework can be downloaded
When will ShareFile disable TLS v1.0 and TLS v 1.1?
TLS v1.0 and v1.1 will be disabled on June 30, 2020.
Is ShareFile vulnerable to known TLS vulnerabilities?
As of this writing, there are no known vulnerabilities. This can be independently verified through SSL Labs. You can use your subdomain (eg. company.sharefile.com) to be tested with SSL Labs: https://www.ssllabs.com/ssltest/index.html
What should customers do to avoid TLS v1.0 and TLS v1.1 implementation when using ShareFile?
Use the reference above on ShareFile components and related dependencies (like .NET Framework 4.6.2 and later) that support TLS v1.2 by default. Upgrade the relevant components and prepare the environment to be ready when TLS v1.0 and v1.1 are disabled.
How do I know what clients my employee users are using?
Unfortunately, unless an administrator is deploying applications to end users, it is best to verify the version directly on the installed client. Please see the “Identify Version” column in the ShareFile Applications table above on how to do this.
Why am I getting these notifications again after upgrading?
Some administrators may get multiple notifications because it is likely some users on the account are still using outdated tool versions. Please verify all employees have upgraded and are aware of the TLS deprecation deadline.