Posted to dev@mina.apache.org by "AvnerW (Jira)" <ji...@apache.org> on 2021/06/08 09:13:00 UTC

[jira] [Created] (FTPSERVER-503) Cannot limit the server to listen for client connections using TLS 1.2(/1.3) only

AvnerW created FTPSERVER-503:
--------------------------------

             Summary: Cannot limit the server to listen for client connections using TLS 1.2(/1.3) only
                 Key: FTPSERVER-503
                 URL: https://issues.apache.org/jira/browse/FTPSERVER-503
             Project: FtpServer
          Issue Type: Bug
          Components: Core, Server
            Reporter: AvnerW


Hi,

I would like to know if there is a way to limit the server to listen for TLS 1.2(/1.3) only and block older versions of SSL/TLS (TLS1.1, TLS1.0 or SSLv3).

I'm using:
 *ftpserver-core 1.1.1*
 *mina-core 2.0.21*

I tried to *setSslProtocol*("TLSv1.2") in the *SslConfigurationFactory*.
 As I understand it, this should affect the *SSLContext* initialization.

However, I am able to connect to the server with both:
 - WinSCP client after setting the min & max TLS version to *TLSv1.0-TLSv1.0*
 - openssl s_client -connect <server>:<port> *-tls1* -starttls ftp

I am expecting both to fail (as the server should only accept TLS 1.2)

Any idea if this is a bug or not yet supported in Apache FTP?



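In plain JSSE, the name passed to SSLContext.getInstance selects a context implementation and does not by itself limit which protocol versions a server-side engine accepts; the accepted versions are set on the engine or socket. The following is an added example, not part of the original message and not FtpServer or MINA code, that prints what a "TLSv1.2" context enables by default and then applies an explicit allow-list. The class name TlsFloorCheck and the helper restrict are illustrative, and how FtpServer passes its SslConfigurationFactory setting to the engine is not shown on this page.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class TlsFloorCheck {
    // Versions the server is meant to accept (the goal stated in the report).
    static final List<String> ALLOWED = Arrays.asList("TLSv1.3", "TLSv1.2");

    /** Enables only the allow-listed versions this JVM supports and returns them. */
    static String[] restrict(SSLEngine engine) {
        Set<String> supported =
                new LinkedHashSet<>(Arrays.asList(engine.getSupportedProtocols()));
        String[] keep = ALLOWED.stream().filter(supported::contains).toArray(String[]::new);
        if (keep.length == 0) {
            throw new IllegalStateException("JVM supports none of " + ALLOWED);
        }
        engine.setEnabledProtocols(keep);
        return keep;
    }

    public static void main(String[] args) throws Exception {
        // Same protocol name the report passes to setSslProtocol.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // default managers; enough to inspect protocol lists

        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false); // server side of the handshake

        System.out.println("supported:          "
                + Arrays.toString(engine.getSupportedProtocols()));
        System.out.println("enabled by default: "
                + Arrays.toString(engine.getEnabledProtocols()));

        restrict(engine);
        System.out.println("enabled after fix:  "
                + Arrays.toString(engine.getEnabledProtocols()));

        // Fail loudly if anything outside the allow-list is still enabled.
        for (String p : engine.getEnabledProtocols()) {
            if (!ALLOWED.contains(p)) {
                throw new AssertionError("legacy protocol still enabled: " + p);
            }
        }
    }
}
```

The default list depends on the JDK: where the jdk.tls.disabledAlgorithms security property already names TLSv1 and TLSv1.1, those versions are absent before any restriction is applied.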