[prev in list] [next in list] [prev in thread] [next in thread]
List: mina-dev
Subject: [jira] [Resolved] (FTPSERVER-503) Cannot limit the server to listen for client connections using TLS
From: Emmanuel_Lécharny_(Jira) <jira () apache ! org>
Date: 2022-02-25 14:49:00
Message-ID: JIRA.13382666.1623143565000.356202.1645800540023 () Atlassian ! JIRA
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/FTPSERVER-503?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]
Emmanuel Lécharny resolved FTPSERVER-503.
-----------------------------------------
Resolution: Fixed
Fixed in 1.1.2
> Cannot limit the server to listen for client connections using TLS 1.2(/1.3) only
> ---------------------------------------------------------------------------------
>
> Key: FTPSERVER-503
> URL: https://issues.apache.org/jira/browse/FTPSERVER-503
> Project: FtpServer
> Issue Type: Bug
> Components: Core, Server
> Reporter: AvnerW
> Priority: Major
> Fix For: 1.1.2
>
>
> Hi,
> I would like to know if there is a way to limit the server to listen for TLS \
> 1.2(/1.3) only and block older versions of SSL/TLS (TLS1.1, TLS1.0 or SSLv3). I'm \
> using:
> *ftpserver-core 1.1.1*
> *mina-core 2.0.21*
> I tried to *setSslProtocol*("TLSv1.2") in the *SslConfigurationFactory*.
> As I understand this is should affect the *SSLContext* initialization.
> However, I am able to connect to the server with both:
> - WinSCP client after setting the min & max TLS version to *TLSv1.0-TLSv1.0*
> - openssl s_client -connect <server>:<port> *-tls1* -starttls ftp
> I am expecting both to fail (as the server should only accept TLS 1.2)
> Any idea if this is a bug or not yet supported in Apache FTP?
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]