You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "AvnerW (Jira)" <ji...@apache.org> on 2021/06/08 09:13:00 UTC
[jira] [Created] (FTPSERVER-503) Cannot limit the server to listen
for client connections using TLS 1.2(/1.3) only
AvnerW created FTPSERVER-503:
--------------------------------
Summary: Cannot limit the server to listen for client connections using TLS 1.2(/1.3) only
Key: FTPSERVER-503
URL: https://issues.apache.org/jira/browse/FTPSERVER-503
Project: FtpServer
Issue Type: Bug
Components: Core, Server
Reporter: AvnerW
Hi,
I would like to know if there is a way to limit the server to listen for TLS 1.2(/1.3) only and block older versions of SSL/TLS (TLS1.1, TLS1.0 or SSLv3).
I'm using:
*ftpserver-core 1.1.1*
*mina-core 2.0.21*
I tried to *setSslProtocol*("TLSv1.2") in the *SslConfigurationFactory*.
As I understand this is should affect theĀ *SSLContext* initialization.
However, I am able to connect to the server with both:
- WinSCP client after setting the min & max TLS version to *TLSv1.0-TLSv1.0*
- openssl s_client -connect <server>:<port> *-tls1* -starttls ftp
I am expecting both to fail (as the server should only accept TLS 1.2)
Any idea if this is a bug or not yet supported in Apache FTP?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org