[ https://issues.apache.org/jira/browse/FTPSERVER-491?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Valliere resolved FTPSERVER-491.
-----------------------------------------
    Resolution: Fixed

Merged /FTPSERVER-491 with /master

> SSLConfigurationFactory.setSslProtocol never actually work
> ----------------------------------------------------------
>
>                 Key: FTPSERVER-491
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-491
>             Project: FtpServer
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 1.1.1
>            Reporter: Roy Lu
>            Assignee: Jonathan Valliere
>            Priority: Critical
>              Labels: easyfix
>             Fix For: 1.1.2
>
>
> It says in the document: Set the SSL protocol used for this channel.
> Supported values are "SSL" and "TLS". Defaults to "TLS".
> Actually the available value could be TLSv1, TLSv1.1, TLSv1.2, SSLv3. This is
> mentioned at the bottom of
> [https://mina.apache.org/mina-project/userguide/ch11-ssl-filter/ch11-ssl-filter.html].
> But the thing is, the +setSslProtocol+ method here actually doesn't work,
> because the SSL protocol set in the +SSLConfiguration+ is never used. Check
> +NioListener+ and you will see this:
> Configuration of cipher suites was set into +sslFilter+ but no protocol. It
> seems protocols are missing.
>
>     if (ssl.getEnabledCipherSuites() != null) {
>         sslFilter.setEnabledCipherSuites(ssl.getEnabledCipherSuites());
>     }
>
> This leads to a problem:
> In +SSLHandler+ protocols will be set into +sslEngine+. Because the protocol was
> lost when building sslFilter, the protocols setting never works.
>
>     if (this.sslFilter.getEnabledCipherSuites() != null) {
>         this.sslEngine.setEnabledCipherSuites(this.sslFilter.getEnabledCipherSuites());
>     }
>
>     if (this.sslFilter.getEnabledProtocols() != null) {
>         this.sslEngine.setEnabledProtocols(this.sslFilter.getEnabledProtocols());
>     }
>
> I found this because I scanned FTP with Nmap. I set it to critical because
> it's a security issue and hope it can be fixed soon.
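The effect described in the report can be checked locally with plain JSSE. The following is an added example, not code from the report or from FtpServer/MINA: it compares the protocols an `SSLEngine` enables when no protocol list reaches it with the set enabled after an explicit allowlist is applied. The class name `EnabledProtocolsCheck`, the helper `restrict`, and the use of the default `SSLContext` in place of the server's keystore-backed context are assumptions for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;

public class EnabledProtocolsCheck {

    /** Apply an allowlist to the engine, keeping only entries this JRE supports. */
    static String[] restrict(SSLEngine engine, String... allowed) {
        Set<String> supported = new LinkedHashSet<>(Arrays.asList(engine.getSupportedProtocols()));
        String[] usable = Arrays.stream(allowed).filter(supported::contains).toArray(String[]::new);
        if (usable.length == 0) {
            // Fail closed: never fall back to the engine defaults when the allowlist cannot be honoured.
            throw new IllegalStateException(
                "none of " + Arrays.toString(allowed) + " is supported by this JRE");
        }
        engine.setEnabledProtocols(usable);
        return engine.getEnabledProtocols();
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the default JSSE context stands in for the one the server builds.
        SSLContext ctx = SSLContext.getDefault();

        // Engine in the state the report describes: no protocol list was handed over,
        // so the JRE's default enabled protocols remain in force.
        SSLEngine unconfigured = ctx.createSSLEngine();
        unconfigured.setUseClientMode(false);
        System.out.println("defaults  : " + Arrays.toString(unconfigured.getEnabledProtocols()));

        // Engine with the configured protocol list applied explicitly.
        SSLEngine configured = ctx.createSSLEngine();
        configured.setUseClientMode(false);
        System.out.println("restricted: " + Arrays.toString(restrict(configured, "TLSv1.2")));
    }
}
```

If the two printed lists are identical on a server that was configured with a narrower protocol, the setting did not reach the engine.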