Posted to ftpserver-users@mina.apache.org by juergen sorg <j....@fz-juelich.de> on 2015/01/21 07:58:20 UTC
disable sslv3
hi,
is it possible to disable some SSL and TLS versions in apache mina ftp
server?
i read the documentation, but there is only the option to choose between
SSL or TLS. and if i specify TLS in the configuration (spring config
file) then the same protocols are enabled as when i use SSL (i could connect
by using openssl client with SSLv3, TLSv1, TLSv1.1, TLSv1.2).
thanks in advance
regards, juergen
Re: disable sslv3
Posted by John Hartnup <jo...@gmail.com>.
I've gone ahead and attached your patch to the JIRA bug.
Re: disable sslv3
Posted by John Hartnup <jo...@gmail.com>.
Actually there is already a bug record:
https://issues.apache.org/jira/browse/FTPSERVER-459
Re: disable sslv3
Posted by John Hartnup <jo...@gmail.com>.
The last commit to the project was Nov 2012 -- is anyone actively
maintaining this project?
https://git-wip-us.apache.org/repos/asf?p=mina-ftpserver.git;a=summary
That said, it may be worth raising a bug at
https://issues.apache.org/jira/browse/FTPSERVER/ -- you can attach your
patch there -- I guess that would save the committer (assuming one comes
along) some time.
Re: disable sslv3
Posted by juergen sorg <j....@fz-juelich.de>.
hi erick, hi david,
you can find ftp server sources including changes to support
en/disabling certain ssl protocols here:
http://icg4003-v3.icg.kfa-juelich.de/weatherradargif/apache-ftpserver-1.0.6.patchj.tar.gz
here is a list of changed classes:
- SslConfiguration
- SslConfigurationFactory
- NioListener
- AUTH
- ListenerBeanDefinitionParser
- ftpserver-1.0.xsd
regards, juergen
Re: disable sslv3
Posted by David Latorre <dv...@gmail.com>.
As Erick says, you need to invoke SSLFilter.setEnabledProtocols(). If
you are willing to provide a patch in order to expose the EnabledProtocols
method in the Listener configuration, we will be happy to integrate it
into the FTPServer code.
Kindest regards,
RE: disable sslv3
Posted by Erick Lichtas <EL...@linoma.com>.
Hello,
I'm not sure how much work has been done on the project with this lately, but what needs to be added is an option that allows the 'enabled ssl protocols' to be set on the mina SSLFilter in a few spots. Basically, every place in the code that calls sslFilter.setEnabledCipherSuites(..) should also/instead call sslFilter.setEnabledProtocols(..). If such is done, you can granularly control which SSL/TLS protocols are enabled on the server. And this works well for the Oracle and IBM JVMs.
Regards,
Erick
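The approach discussed in this thread, as an added example that is not part of the original messages and not taken from the patch mentioned above: it builds the protocol array that would be handed to setEnabledProtocols(..) and checks on a plain JSSE SSLEngine that SSLv3 is no longer enabled. The class name, the selectProtocols helper and the ALLOWED list are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class EnabledProtocolsExample {

    // Hypothetical allow-list (an assumption, adjust to your policy).
    // SSLv3 and SSLv2Hello are deliberately absent.
    static final List<String> ALLOWED = Arrays.asList("TLSv1.2", "TLSv1.1", "TLSv1");

    // Intersect the allow-list with what this JVM supports: passing a name the
    // JVM does not know to setEnabledProtocols() throws IllegalArgumentException,
    // and the supported names differ between JVM vendors and versions.
    static String[] selectProtocols(String[] supported, List<String> allowed) {
        List<String> supportedList = Arrays.asList(supported);
        List<String> result = new ArrayList<>();
        for (String protocol : allowed) {
            if (supportedList.contains(protocol)) {
                result.add(protocol);
            }
        }
        // Fail closed instead of starting a listener with nothing (or everything) enabled.
        if (result.isEmpty()) {
            throw new IllegalStateException(
                "no allowed protocol is supported by this JVM: " + supportedList);
        }
        return result.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLContext context = SSLContext.getDefault();
        SSLEngine engine = context.createSSLEngine();
        engine.setUseClientMode(false); // server side, as in the FTP listener

        String[] protocols = selectProtocols(engine.getSupportedProtocols(), ALLOWED);
        engine.setEnabledProtocols(protocols);
        // With MINA, the same array goes to the filter next to the cipher-suite call:
        //   sslFilter.setEnabledCipherSuites(cipherSuites);
        //   sslFilter.setEnabledProtocols(protocols);

        System.out.println("supported: " + Arrays.toString(engine.getSupportedProtocols()));
        System.out.println("enabled:   " + Arrays.toString(engine.getEnabledProtocols()));
        if (Arrays.asList(engine.getEnabledProtocols()).contains("SSLv3")) {
            throw new AssertionError("SSLv3 is still enabled");
        }
    }
}
```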