Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TLS 1.1-1.2 support (better, secure protocols) #7637

Closed
cyberduck opened this issue Nov 24, 2013 · 11 comments
Closed

TLS 1.1-1.2 support (better, secure protocols) #7637

cyberduck opened this issue Nov 24, 2013 · 11 comments
Assignees
Milestone

Comments

@cyberduck
Copy link
Collaborator

34092a6 created the issue

hi David,

This feature request may not be on demand, but I'll just propose this hoping it will be reconsidered in the future versions.

I've setup 5 public WebDAV targets for developer testing (Login: webdav/webdav)

ciphers we use (in Server preferred order):

  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-RC4-SHA
  • ECDHE-RSA-AES256-SHA384
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-RSA-AES128-SHA
  • RC4-SHA

Per target, my testing involves these actions:

  • upload/rename/delete files of various types (image, docs, pdfs)
  • upload/rename/delete/move folders

I'll update the entry for Cyberduck (both platforms) in https://pixi.me/webdav.php#matrix whenever these enhancement request will get implemented in the future.

Thanks again!

Best regards,

Steve Caturan

@cyberduck
Copy link
Collaborator Author

@dkocher commented

SunJSSE Provider

1Although SunJSSE in the Java SE 7 release supports TLS 1.1 and TLS 1.2, neither version is enabled by default for client connections. Some servers do not implement forward compatibility correctly and refuse to talk to TLS 1.1 or TLS 1.2 clients. For interoperability, SunJSSE does not enable TLS 1.1 or TLS 1.2 by default for client connections

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Fix use of custom SSL socket configuration in 4825fe9.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

In 0c011a3.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Please test with the latest snapshot build available.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

We have tests added in 0c011a3 but do not assert the protocol versions.

@cyberduck
Copy link
Collaborator Author

34092a6 commented

Thank you for implementing this enhancement, I didn't expect it this quick. I can confirm that Cyberduck 4.4.x build 14107 supports TLSv1.2, TLSv1.1 and TLSv1.0 on Apache 2.4.6/mod_ssl OpenSSL/1.0.1e

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Replying to [comment:8 wwwpixime]:

Thank you for implementing this enhancement, I didn't expect it this quick. I can confirm that Cyberduck 4.4.x build 14107 supports TLSv1.2, TLSv1.1 and TLSv1.0 on Apache 2.4.6/mod_ssl OpenSSL/1.0.1e

Thanks for your testing and interoperability matrix!

@cyberduck
Copy link
Collaborator Author

@dkocher commented

TLSv1.2 is currently known not work (handshake failure) in the Windows version.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Replying to [comment:11 dkocher]:

TLSv1.2 is currently known not work (handshake failure) in the Windows version.

Caused by missing ECDHE ciphers.

@cyberduck
Copy link
Collaborator Author

@ylangisc commented

In b2e7ae3. A new snapshot build is available.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

#7760 closed as duplicate.

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants