[ https://issues.apache.org/jira/browse/FTPSERVER-491?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16836030#comment-16836030 ]
Roy Lu commented on FTPSERVER-491:
----------------------------------
Thank you very much [~johnnyv]. I could see the content but I don't have the
permission to view the diff.
Is the change in NioListener.java enough? For me, this would solve the issue I
think.
    if (ssl_conf.getEnabledProtocol() != null) {
        ssl_filter.setEnabledProtocols(new String[] { ssl_conf.getEnabledProtocol() });
    }
I didn't check the whole source code, so I'm not sure if there are other places
that need to be changed. It's up to you. :)
> SSLConfigurationFactory.setSslProtocol never actually work
> ----------------------------------------------------------
>
> Key: FTPSERVER-491
> URL: https://issues.apache.org/jira/browse/FTPSERVER-491
> Project: FtpServer
> Issue Type: Bug
> Components: Core
> Affects Versions: 1.1.1
> Reporter: Roy Lu
> Assignee: Jonathan Valliere
> Priority: Critical
> Labels: easyfix
> Fix For: 1.1.2
>
>
> It says in the document: Set the SSL protocol used for this channel.
> Supported values are "SSL" and "TLS". Defaults to "TLS".
> Actually the available value could be TLSv1, TLSv1.1, TLSv1.2, SSLv3. This is
> mentioned
> [https://mina.apache.org/mina-project/userguide/ch11-ssl-filter/ch11-ssl-filter.html]
> at the bottom.
> But the thing is, the +setSslProtocol+ method here actually doesn't work.
> Because the ssl protocol set in the +SSLConfiguration+ is never used. Check
> +NioListener+ you will see this:
> Configuration of cipher suites was set into +sslFilter+ but no protocol. It
> seems protocols are missing.
> if (ssl.getEnabledCipherSuites() != null) {
>     sslFilter.setEnabledCipherSuites(ssl.getEnabledCipherSuites());
> }
>
> This leads to a problem:
> In +SSLHandler+ protocols will be set into +sslEngine+. Because the protocol was
> lost when building sslFilter, the protocols setting never works.
>
> if (this.sslFilter.getEnabledCipherSuites() != null) {
>     this.sslEngine.setEnabledCipherSuites(this.sslFilter.getEnabledCipherSuites());
> }
>
> if (this.sslFilter.getEnabledProtocols() != null) {
>     this.sslEngine.setEnabledProtocols(this.sslFilter.getEnabledProtocols());
> }
>
> I found this because I scanned FTP with Nmap. I set it to critical because
> it's a security issue and hope it can be fixed soon.
>
>
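The behaviour discussed in this thread, as an added example that is not part of the original message or of the FtpServer source: using only the JDK's javax.net.ssl API, it prints the protocols a server-mode SSLEngine enables when nothing restricts it, and then the set left after the null-guarded setEnabledProtocols call. The class name, the helper applyConfiguredProtocol and the sample value "TLSv1.2" are assumptions for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;
import java.util.List;

public class EnabledProtocolCheck {

    // Hypothetical helper: restrict the engine only when a protocol is configured,
    // and reject a name this JRE does not support before applying it.
    static String[] applyConfiguredProtocol(SSLEngine engine, String configured) {
        if (configured != null) {
            List<String> supported = Arrays.asList(engine.getSupportedProtocols());
            if (!supported.contains(configured)) {
                throw new IllegalArgumentException(
                        "Protocol not supported by this JRE: " + configured);
            }
            engine.setEnabledProtocols(new String[] { configured });
        }
        return engine.getEnabledProtocols();
    }

    public static void main(String[] args) throws Exception {
        String configured = "TLSv1.2"; // constructed sample value

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // JRE defaults; no handshake is performed

        // Engine as it behaves when the configured protocol never reaches it.
        SSLEngine unrestricted = ctx.createSSLEngine();
        unrestricted.setUseClientMode(false);
        System.out.println("Without setEnabledProtocols: "
                + Arrays.toString(unrestricted.getEnabledProtocols()));

        // Engine after the configured protocol is applied.
        SSLEngine restricted = ctx.createSSLEngine();
        restricted.setUseClientMode(false);
        String[] enabled = applyConfiguredProtocol(restricted, configured);
        System.out.println("With setEnabledProtocols:    "
                + Arrays.toString(enabled));

        // Fail loudly if anything besides the configured protocol is still enabled.
        if (!Arrays.equals(enabled, new String[] { configured })) {
            throw new AssertionError("Engine still enables other protocols");
        }
    }
}
```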