[ 
https://issues.apache.org/jira/browse/FTPSERVER-97?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Niklas Gustavsson closed FTPSERVER-97.
--------------------------------------

       Resolution: Fixed
    Fix Version/s: 1.0-M2
         Assignee: Niklas Gustavsson

Fixed. The server now uses the cipher suites enabled by the JRE by default. We 
now also provide a configuration option for setting exactly what cipher suites 
to enable.

commit -m "Using the enabled cipher suites, rather than all for SSL/TLS 
(FTPSERVER-97)
Adding support for setting what cipher suites should be enabled (FTPSERVER-97)
Refactoring Ssl into a simpler class (not creating sockets as that is only used 
for the IO listener)" 
C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/interfaces/Ssl.java
 
C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/IODataConnectionFactory.java
 
C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/listener/io/IOConnection.java
 
C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/listener/io/IOListener.java
 
C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/listener/mina/MinaConnection.java
 
C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/listener/mina/MinaListener.java
 
C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java
 
C:/home/niklas/workspaces/apache/ftpserver/ssl-tests/src/test/org/apache/ftpserver/ssl/IOCipherSuitesTest.java
 
C:/home/niklas/workspaces/apache/ftpserver/ssl-tests/src/test/org/apache/ftpserver/ssl/MinaCipherSuitesTest.java
 
C:/home/niklas/workspaces/apache/ftpserver/ssl-tests/src/test/org/apache/ftpserver/ssl/SSLTestTemplate.java
    Sending        C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/interfaces/Ssl.java
    Sending        C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/IODataConnectionFactory.java
    Sending        C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/listener/io/IOConnection.java
    Sending        C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/listener/io/IOListener.java
    Sending        C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/listener/mina/MinaConnection.java
    Sending        C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/listener/mina/MinaListener.java
    Sending        C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java
    Adding         C:/home/niklas/workspaces/apache/ftpserver/ssl-tests/src/test/org/apache/ftpserver/ssl/IOCipherSuitesTest.java
    Adding         C:/home/niklas/workspaces/apache/ftpserver/ssl-tests/src/test/org/apache/ftpserver/ssl/MinaCipherSuitesTest.java
    Sending        C:/home/niklas/workspaces/apache/ftpserver/ssl-tests/src/test/org/apache/ftpserver/ssl/SSLTestTemplate.java
    Transmitting file data ...
    Committed revision 560793.

> SSL data connection enables all supported ciphers
> -------------------------------------------------
>
>                 Key: FTPSERVER-97
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-97
>             Project: FtpServer
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 1.0-M1
>            Reporter: Steve Jones
>            Assignee: Niklas Gustavsson
>             Fix For: 1.0-M2
>
>
> The SSL implementation that is used by default for FTP data transfers 
> (DefaultSsl) enables all SSL cipher suites:
>   String cipherSuites[] = serverSocket.getSupportedCipherSuites();
>   serverSocket.setEnabledCipherSuites(cipherSuites);
> This is likely to enable ciphers such as:
>   SSL_RSA_WITH_NULL_MD5
>   SSL_RSA_WITH_NULL_SHA
> Which means that there is no confidentiality for the transport (in other 
> words authentication will occur but after that communication is in the 
> clear). 
> Usually you would not want to allow this, so it is best not to enable all 
> ciphers.
> Here's a reference to this issue for another Apache project:
>   http://mail-archives.apache.org/mod_mbox/avalon-apps-dev/200209.mbox/[EMAIL 
> PROTECTED]

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
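
The gap between "supported" and "enabled by default" that this issue turns on, as an added example (not FtpServer's code and not part of the original message): it lists what `getSupportedCipherSuites()` would add on top of the JRE defaults, then enables only an explicit list after filtering. The class name, the weak-suite markers and the sample configured list are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public class CipherSuiteCheck {
    // Name fragments for suites with no encryption, no authentication, or export-grade keys.
    static final String[] WEAK_MARKERS = {"_NULL_", "_anon_", "_EXPORT_"};

    static boolean isWeak(String suite) {
        for (String m : WEAK_MARKERS) if (suite.contains(m)) return true;
        return false;
    }

    // Keep only configured suites that this JRE supports and that are not weak.
    static String[] select(List<String> configured, String[] supported) {
        List<String> ok = new ArrayList<>(configured);
        ok.retainAll(Arrays.asList(supported));
        ok.removeIf(CipherSuiteCheck::isWeak);
        return ok.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLServerSocketFactory f = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        String[] supported = f.getSupportedCipherSuites();
        String[] defaults = f.getDefaultCipherSuites();

        // Suites that enabling "all supported" would add beyond the JRE defaults.
        List<String> extra = new ArrayList<>(Arrays.asList(supported));
        extra.removeAll(Arrays.asList(defaults));
        for (String s : extra) System.out.println((isWeak(s) ? "WEAK  " : "extra ") + s);

        // Constructed sample of an operator-supplied list (hypothetical config value).
        List<String> configured = Arrays.asList(
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "SSL_RSA_WITH_NULL_SHA");
        String[] enabled = select(configured, supported);
        if (enabled.length == 0) throw new IllegalStateException("no usable cipher suite");

        // Unbound socket: enough to apply and read back the enabled list offline.
        try (SSLServerSocket s = (SSLServerSocket) f.createServerSocket()) {
            s.setEnabledCipherSuites(enabled);
            System.out.println("enabled: " + Arrays.toString(s.getEnabledCipherSuites()));
        }
    }
}
```

Whether any NULL or anonymous suites appear in the "extra" list depends on the JRE version and its security properties, so run it on the JRE the server actually uses.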
