cipher control on explicit ssl

[Chrysalis]

Hi

Is it possible to allow the ciphers to be managed client side for explicit ssl ftp connections? I noticed that configuration only applies to sftp (ssh).

Thanks

I need this because I want to test a cipher on my server which will only get used when its requested first by the client.

[bigstar]

Yes, this is possible.

Site Manager > Select site > SSL Tab > Ciphers

This box follows the ciphers string defined by OpenSSL

OpenSSL Ciphers

Below is a example

Code:

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4

[andreas]

Can you include some preconfigured templates in FlashFXP?
For example, "All", "Secure" & "Strict" and limiting on each option the least secure options based on the last findings?

[bigstar]

I could add some templates and this was something I had thought about for some time but ultimately I concluded that it would be difficult to define a set of ciphers that could be considered "secure" or "safe", what's considered secure today might not be secure tomorrow.

And what if the cipher list for a template changes and in turn breaks compatibility with a site that was using it.

As much as I would like to add some templates I just see it as being more of a headache than anything else.

[andreas]

There will always be a "ALL" option that will include all ciphers.

If ciphers are not considered secure tomorrow, you can remove them from the "secure" template