Description
Hi,
I would like to know if there is a way to limit the server to listen for TLS 1.2(/1.3) only and block older versions of SSL/TLS (TLS1.1, TLS1.0 or SSLv3).
I'm using:
ftpserver-core 1.1.1
mina-core 2.0.21
I tried to setSslProtocol("TLSv1.2") in the SslConfigurationFactory.
As I understand this is should affect theĀ SSLContext initialization.
However, I am able to connect to the server with both:
- WinSCP client after setting the min & max TLS version to TLSv1.0-TLSv1.0
- openssl s_client -connect <server>:<port> -tls1 -starttls ftp
I am expecting both to fail (as the server should only accept TLS 1.2)
Any idea if this is a bug or not yet supported in Apache FTP?