Go Back   FlashFXP Forums > >

General Discussion Need help? Have a problem? Let us help you. Bug reports and feature requests should be made using the Bug Tracker or Feature Tracker

Closed Thread
 
Thread Tools Rate Thread Display Modes
Old 02-22-2016, 05:42 PM   #1
Chrysalis
Senior Member
FlashFXP Beta Tester
 
Join Date: Apr 2002
Posts: 136
Default cipher control on explicit ssl

Hi

Is it possible to allow the ciphers to be managed client side for explicit ssl ftp connections? I noticed that configuration only applies to sftp (ssh).

Thanks

I need this because I want to test a cipher on my server which will only get used when its requested first by the client.
Chrysalis is offline  
Old 02-23-2016, 08:01 AM   #2
bigstar
FlashFXP Developer
FlashFXP Administrator
ioFTPD Beta Tester
 
bigstar's Avatar
 
Join Date: Oct 2001
Posts: 8,012
Default

Yes, this is possible.

Site Manager > Select site > SSL Tab > Ciphers

This box follows the ciphers string defined by OpenSSL

OpenSSL Ciphers

Below is a example
Code:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
bigstar is offline  
Old 03-03-2016, 05:43 PM   #3
andreas
Senior Member
FlashFXP Beta Tester
 
Join Date: Jul 2002
Posts: 484
Default

Can you include some preconfigured templates in FlashFXP?
For example, "All", "Secure" & "Strict" and limiting on each option the least secure options based on the last findings?
andreas is offline  
Old 03-03-2016, 08:21 PM   #4
bigstar
FlashFXP Developer
FlashFXP Administrator
ioFTPD Beta Tester
 
bigstar's Avatar
 
Join Date: Oct 2001
Posts: 8,012
Default

I could add some templates and this was something I had thought about for some time but ultimately I concluded that it would be difficult to define a set of ciphers that could be considered "secure" or "safe", what's considered secure today might not be secure tomorrow.

And what if the cipher list for a template changes and in turn breaks compatibility with a site that was using it.

As much as I would like to add some templates I just see it as being more of a headache than anything else.
bigstar is offline  
Old 03-04-2016, 02:25 AM   #5
andreas
Senior Member
FlashFXP Beta Tester
 
Join Date: Jul 2002
Posts: 484
Default

There will always be a "ALL" option that will include all ciphers.

If ciphers are not considered secure tomorrow, you can remove them from the "secure" template

Last edited by andreas; 03-04-2016 at 01:13 PM.
andreas is offline  
Closed Thread

Tags
cipher, client, ftp, sftp, ssl


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 09:25 PM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)