FtpServer / FTPSERVER-503

Cannot limit the server to listen for client connections using TLS 1.2(/1.3) only

Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.1.2
    • Component/s: Core, Server
    • Labels: None

    Description

      Hi,

      I would like to know if there is a way to limit the server to listen for TLS 1.2(/1.3) only and block older versions of SSL/TLS (TLS1.1, TLS1.0 or SSLv3).

      I'm using:
      ftpserver-core 1.1.1
      mina-core 2.0.21

      I tried to setSslProtocol("TLSv1.2") in the SslConfigurationFactory.
      As I understand, this should affect the SSLContext initialization.

      However, I am able to connect to the server with both:

      • WinSCP client after setting the min & max TLS version to TLSv1.0-TLSv1.0
      • openssl s_client -connect <server>:<port> -tls1 -starttls ftp

      I am expecting both to fail (as the server should only accept TLS 1.2)

      Any idea if this is a bug or not yet supported in Apache FTP?

          People

            Assignee: Unassigned
            Reporter: AvnerW
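In JSSE, the name passed to `SSLContext.getInstance` selects a context implementation, and the engines it creates may still have older protocol versions enabled. The following is an added example, not code from the issue or from the FtpServer code base, that prints a server-side engine's enabled protocols before and after pinning them explicitly; the class name and the `ALLOWED` list are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;
import java.util.List;

public class EnabledProtocolsCheck {

    // Protocol versions the server may negotiate (assumed policy for this example).
    static final String[] ALLOWED = {"TLSv1.2"};

    /** Protocols a fresh server-side engine from this context accepts by default. */
    static List<String> defaultEnabled(SSLContext ctx) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        return Arrays.asList(engine.getEnabledProtocols());
    }

    /** The same kind of engine after the enabled protocol list is pinned. */
    static List<String> pinned(SSLContext ctx, String[] allowed) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(allowed);      // restricts what the handshake may negotiate
        engine.setSSLParameters(params);
        return Arrays.asList(engine.getEnabledProtocols());
    }

    public static void main(String[] args) throws Exception {
        // Same protocol name the report passes to setSslProtocol.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        // Default key/trust managers; a real server initialises with its keystore here.
        ctx.init(null, null, null);

        // The first list depends on the JDK build and its security properties.
        System.out.println("context name only : " + defaultEnabled(ctx));
        System.out.println("explicitly pinned : " + pinned(ctx, ALLOWED));
    }
}
```

On JDK builds that already disable TLSv1 and TLSv1.1 through the `jdk.tls.disabledAlgorithms` security property, the first list is short as well; pinning the protocols keeps the result independent of that property.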