You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "John Hartnup (JIRA)" <ji...@apache.org> on 2015/01/22 13:22:35 UTC
[jira] [Updated] (FTPSERVER-459) Allow SSL protocol selection so
SSL 3.0 can be turned off due to the Poodle attack vector
[ https://issues.apache.org/jira/browse/FTPSERVER-459?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
John Hartnup updated FTPSERVER-459:
-----------------------------------
Attachment: apache-ftpserver-1.0.6.patchj.tar.gz
Patch supplied to mailing list by j.sorg@fz-juelich.de
I haven't personally tested this.
> Allow SSL protocol selection so SSL 3.0 can be turned off due to the Poodle attack vector
> -----------------------------------------------------------------------------------------
>
> Key: FTPSERVER-459
> URL: https://issues.apache.org/jira/browse/FTPSERVER-459
> Project: FtpServer
> Issue Type: Bug
> Components: Core
> Affects Versions: 1.0.6
> Reporter: Greg Woolsey
> Priority: Critical
> Attachments: apache-ftpserver-1.0.6.patchj.tar.gz
>
>
> Per [this US-CERT alert|https://www.us-cert.gov/ncas/alerts/TA14-290A] SSL 3.0 should no longer be used.
> Apache Mina supports setting the allowed protocols via the {{setEnabledProtocols()}} method of {{SslFilter}}.
> However, There is currently no way I can see to access the filter or affect its creation and initialization in this regard.
> FTP Server needs another attribute for {{SslConfiguration}} similar to the existing {{getEnabledCipherSuites()}} for {{getEnabledProtocols}}.
> This doesn't look too hard to implement, but I can't see any way to do it without modifying the FTP server code.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)