[
https://issues.apache.org/jira/browse/FTPSERVER-503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17498150#comment-17498150
]
Emmanuel Lécharny commented on FTPSERVER-503:
---------------------------------------------
Hi,
I think you should tell the server you want to set TLS when started, which the
following code:
{code:java}
ListenerFactory factory = new
ListenerFactory(server.getListener("default"));
factory.setImplicitSsl(true); // That will add the SslFilter with your
configuration
{code}
Now, if you do that, your server will only accept TLS communication.
> Cannot limit the server to listen for client connections using TLS 1.2(/1.3)
> only
> ---------------------------------------------------------------------------------
>
> Key: FTPSERVER-503
> URL: https://issues.apache.org/jira/browse/FTPSERVER-503
> Project: FtpServer
> Issue Type: Bug
> Components: Core, Server
> Reporter: AvnerW
> Priority: Major
>
> Hi,
> I would like to know if there is a way to limit the server to listen for TLS
> 1.2(/1.3) only and block older versions of SSL/TLS (TLS1.1, TLS1.0 or SSLv3).
> I'm using:
> *ftpserver-core 1.1.1*
> *mina-core 2.0.21*
> I tried to *setSslProtocol*("TLSv1.2") in the *SslConfigurationFactory*.
> As I understand this is should affect the *SSLContext* initialization.
> However, I am able to connect to the server with both:
> - WinSCP client after setting the min & max TLS version to *TLSv1.0-TLSv1.0*
> - openssl s_client -connect <server>:<port> *-tls1* -starttls ftp
> I am expecting both to fail (as the server should only accept TLS 1.2)
> Any idea if this is a bug or not yet supported in Apache FTP?
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
