[
https://issues.apache.org/jira/browse/FTPSERVER-459?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
John Hartnup updated FTPSERVER-459:
-----------------------------------
Attachment: apache-ftpserver-1.0.6.patchj.tar.gz
Patch supplied to mailing list by [email protected]
I haven't personally tested this.
> Allow SSL protocol selection so SSL 3.0 can be turned off due to the Poodle
> attack vector
> -----------------------------------------------------------------------------------------
>
> Key: FTPSERVER-459
> URL: https://issues.apache.org/jira/browse/FTPSERVER-459
> Project: FtpServer
> Issue Type: Bug
> Components: Core
> Affects Versions: 1.0.6
> Reporter: Greg Woolsey
> Priority: Critical
> Attachments: apache-ftpserver-1.0.6.patchj.tar.gz
>
>
> Per [this US-CERT alert|https://www.us-cert.gov/ncas/alerts/TA14-290A] SSL
> 3.0 should no longer be used.
> Apache Mina supports setting the allowed protocols via the
> {{setEnabledProtocols()}} method of {{SslFilter}}.
> However, There is currently no way I can see to access the filter or affect
> its creation and initialization in this regard.
> FTP Server needs another attribute for {{SslConfiguration}} similar to the
> existing {{getEnabledCipherSuites()}} for {{getEnabledProtocols}}.
> This doesn't look too hard to implement, but I can't see any way to do it
> without modifying the FTP server code.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
