mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonathan Valliere (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (FTPSERVER-491) SSLConfigurationFactory.setSslProtocol never actually work
Date Fri, 01 Mar 2019 19:06:00 GMT

     [ https://issues.apache.org/jira/browse/FTPSERVER-491?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jonathan Valliere reassigned FTPSERVER-491:
-------------------------------------------

    Assignee: Jonathan Valliere

> SSLConfigurationFactory.setSslProtocol never actually work
> ----------------------------------------------------------
>
>                 Key: FTPSERVER-491
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-491
>             Project: FtpServer
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 1.1.1
>            Reporter: Roy Lu
>            Assignee: Jonathan Valliere
>            Priority: Critical
>              Labels: easyfix
>
> It says in the document: Set the SSL protocol used for this channel. Supported values
are "SSL" and "TLS". Defaults to "TLS".
> Actually the available value could be TLSv1, TLSv1.1, TLSv1.2, SSLv3. This is mentioned
[https://mina.apache.org/mina-project/userguide/ch11-ssl-filter/ch11-ssl-filter.html] at
the bottom.
> But the things is, the +setSslProtocol+ method here actually doesn't work. Because the
ssl protocol set in the +SSLConfiguration+ is never used. Check +NioListener+ you will see
this:
> Configuration of cipher suites was set into +sslFilter+ but no protocol. It seems protocols
are missing.
> |if (ssl.getEnabledCipherSuites() != null) {
>     sslFilter.setEnabledCipherSuites(ssl.getEnabledCipherSuites());
> }
>  
> |
> This leads to a problem:
> In +SSLHandler+ protocols will be set into +sslEngine+. Because protocol was lost when
building sslFilter, so the protocols setting never work.
>  
> |if (this.sslFilter.getEnabledCipherSuites() != null) {
>     this.sslEngine.setEnabledCipherSuites(this.sslFilter.getEnabledCipherSuites());
> }
>  
> if (this.sslFilter.getEnabledProtocols() != null) {
>    this.sslEngine.setEnabledProtocols(this.sslFilter.getEnabledProtocols());
> }|
>  
> I found this because I scanned FTP with Nmap. I set it to critical because it's a security
issue and hope it can be fixed soon.
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message