Diplomat products exclusively use the Java encryption libraries for SSL and TLS encryption. SSL encryption is used for communication between Diplomat product components, for FTPS connections and for HTTPS connections. In all of these cases, Diplomat products rely on the Java encryption libraries and not on OpenSSL. The Java libraries are not affected by the Heartbleed bug.
Diplomat products act as clients for connections to FTPS or HTTPS servers. These FTPS and HTTPS servers may still contain the Heartbleed bug.
If the Heartbleed bug exists on FTPS or HTTPS servers, certain information passed from any FTP or HTTP client to the FTPS or HTTPS server may still be at risk. Any users connecting to FTPS and HTTPS servers should confirm that the servers are not at risk before continuing file transfers. Users can refer to a list File Transfer Consulting is compiling a list ofHeartbleed statements from file transfer vendors.
“We encourage our customers to confirm with their trading partners that any vulnerability in their FTPS or HTTPS servers have been addressed,” says Pam Reid, CEO at Coviant Software. “Once vulnerable servers have been remediated, we recommend that our customers request updated usernames and passwords from the FTPS and HTTPS server managers before resuming file transfer jobs.”
About Coviant Software
Coviant Software has been a trusted provider of secure file transfer and OpenPGP encryption solutions for 10 years. Coviant Software delivers Managed File Transfer solutions to improve the productivity of file transfer administrators. Diplomat Managed File Transfer software uses Intelligent File Transfer(TM) design with embedded secure file transfer logic, so file transfer experts can quickly design and deploy file transfer jobs with fewer errors and failed transfers.