Skip to content

Support ECHDE cipher suites #7344

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
cyberduck opened this issue Jul 12, 2013 · 5 comments
Closed

Support ECHDE cipher suites #7344

cyberduck opened this issue Jul 12, 2013 · 5 comments
Labels
bug fixed webdav WebDAV Protocol Implementation
Milestone
4.4

Comments

@cyberduck
Copy link
Collaborator

34092a6 created the issue

Here's my Apache/2.4.4 (FreeBSD) OpenSSL/1.0.1e configuration:

SSLProtocol -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA

here's the target WebDAV/S resource:

URL: https://teban.pixi.me
Remote Path: /w/webdav/
Username: webdav
Password: webdav

When I attempt to connect, I get the following error from Cyberduck 4.3.1


 I/O Error: Connection failed, Received fatal alert: handshake_failure.

So my questions are as follows:

  1. is SSLv3 a requirement for Cyberduck to connect with an HTTPS endpoint?
  2. does it / will it support ECHDE ciphersuites alongside TLSv1-1.2 protocols?

Please advise, thank you!
@cyberduck
Copy link
Collaborator Author

@dkocher commented

The negotiation works here with the latest snapshot build as these builds have an updated SSL stack.

HEAD /w/webdav/ HTTP/1.1
Host: teban.pixi.me
Connection: Keep-Alive
User-Agent: Cyberduck/4.4 (Mac OS X/10.8.4) (x86_64)
Authorization: Basic d2ViZGF2OndlYmRhdg==
HTTP/1.1 403 Forbidden
Date: Sat, 13 Jul 2013 09:41:48 GMT
Server: Apache
Keep-Alive: timeout=6
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
PROPFIND /w/webdav/ HTTP/1.1
Depth: 1
Content-Type: text/xml; charset=utf-8
Content-Length: 0
Host: teban.pixi.me
Connection: Keep-Alive
User-Agent: Cyberduck/4.4 (Mac OS X/10.8.4) (x86_64)
Authorization: Basic d2ViZGF2OndlYmRhdg==
HTTP/1.1 403 Forbidden
Date: Sat, 13 Jul 2013 09:41:48 GMT
Server: Apache
Content-Length: 1
Keep-Alive: timeout=6
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

@cyberduck
Copy link
Collaborator Author

34092a6 commented

hi David,

Thank you for adding support for ECHDE ciphers with the latest build. I was able to test it with Cyberduck-11917.tar - the only issue I have now is why my uploads still end up as 0-bytes even when the Cyberduck GUI verified with an "upload complete" notice?

on the backup, Apache logs the PUT request as 200 (success) with 663 bytes out, 390 bytes in but the actual filesize is 139KB


x.x.x.x teban.pixi.me [13/Jul/2013:09:37:25 -0400] webdav "PUT /w/webdav/sjjsk/telma-042313-filtered1.jpg HTTP/1.1" 200 663 390 "-" "Cyberduck/4.4 (Mac OS X/10.7.5) (x86_64)"


x.x.x.x teban.pixi.me [13/Jul/2013:09:37:25 -0400] webdav "PROPFIND /w/webdav/sjjsk/ HTTP/1.1" 207 711 3184 "-" "Cyberduck/4.4 (Mac OS X/10.7.5) (x86_64)"

All other WebDAV/S clients I've tested except Cyberduck works, even curl works with

curl -u webdav:webdav -T /path/to/local/filename https://teban.pixi.me/w/webdav/

I will pay for a license from the Mac App Store if I can get this working somehow.
Please advise, thank you!

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Replying to [comment:3 wwwpixime]:

hi David,

Thank you for adding support for ECHDE ciphers with the latest build. I was able to test it with Cyberduck-11917.tar - the only issue I have now is why my uploads still end up as 0-bytes even when the Cyberduck GUI verified with an "upload complete" notice?

on the backup, Apache logs the PUT request as 200 (success) with 663 bytes out, 390 bytes in but the actual filesize is 139KB


x.x.x.x teban.pixi.me [13/Jul/2013:09:37:25 -0400] webdav "PUT /w/webdav/sjjsk/telma-042313-filtered1.jpg HTTP/1.1" 200 663 390 "-" "Cyberduck/4.4 (Mac OS X/10.7.5) (x86_64)"


x.x.x.x teban.pixi.me [13/Jul/2013:09:37:25 -0400] webdav "PROPFIND /w/webdav/sjjsk/ HTTP/1.1" 207 711 3184 "-" "Cyberduck/4.4 (Mac OS X/10.7.5) (x86_64)"

All other WebDAV/S clients I've tested except Cyberduck works, even curl works with

curl -u webdav:webdav -T /path/to/local/filename https://teban.pixi.me/w/webdav/

I will pay for a license from the Mac App Store if I can get this working somehow.
Please advise, thank you!

This is an entirely different issue caused by a regression in current unstable snapshot builds. Can you replicate this with build 3aff618 or later? Then please find any related output in the system.log (/Applications/Utilities/Console.app).

@cyberduck
Copy link
Collaborator Author

34092a6 commented

just confirming ECDHE support is working for Mac OS X (latest built) - but the Windows build only supports RC4-SHA (latest build)

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Replying to [comment:5 wwwpixime]:

just confirming ECDHE support is working for Mac OS X (latest built) - but the Windows build only supports RC4-SHA (latest build)
In #7637.

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug fixed webdav WebDAV Protocol Implementation
Projects
None yet
Milestone
4.4
Development

No branches or pull requests
1 participant
@cyberduck