  1. FtpServer
  2. FTPSERVER-491

SSLConfigurationFactory.setSslProtocol never actually works


Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 1.1.1
    • 1.1.2
    • Core

    Description

      It says in the document: Set the SSL protocol used for this channel. Supported values are "SSL" and "TLS". Defaults to "TLS".

      Actually the available values could be TLSv1, TLSv1.1, TLSv1.2, SSLv3. This is mentioned at https://mina.apache.org/mina-project/userguide/ch11-ssl-filter/ch11-ssl-filter.html at the bottom.

      But the thing is, the setSslProtocol method here actually doesn't work, because the SSL protocol set in the SSLConfiguration is never used. Check NioListener and you will see this:

      Configuration of cipher suites was set into sslFilter but no protocol. It seems protocols are missing.

      if (ssl.getEnabledCipherSuites() != null) {
          sslFilter.setEnabledCipherSuites(ssl.getEnabledCipherSuites());
      }

       

      This leads to a problem:

      In SSLHandler, protocols will be set into sslEngine. Because the protocol was lost when building sslFilter, the protocols setting never works.

      if (this.sslFilter.getEnabledCipherSuites() != null) {
          this.sslEngine.setEnabledCipherSuites(this.sslFilter.getEnabledCipherSuites());
      }

      if (this.sslFilter.getEnabledProtocols() != null) {
          this.sslEngine.setEnabledProtocols(this.sslFilter.getEnabledProtocols());
      }

       

      I found this because I scanned FTP with Nmap. I set it to critical because it's a security issue and hope it can be fixed soon.
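
The hand-off described in this report, reduced to plain JSSE as an added example (not FtpServer or MINA code): it shows what an engine enables when the protocol list never reaches the filter, and a check that passes only when it does. `FilterSettings`, `buildEngine` and `outsideAllowList` are hypothetical names, and `"TLSv1.2"` is a constructed sample setting.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added example: hypothetical stand-ins for the config -> filter -> engine hand-off.
public class ProtocolPropagationDemo {

    // Stand-in for the filter: null means "nothing was configured on it".
    static final class FilterSettings {
        String[] enabledProtocols;
    }

    // Same shape as the handler code quoted in the report: the engine is
    // only restricted when the filter actually carries a protocol list.
    static SSLEngine buildEngine(SSLContext ctx, FilterSettings filter) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false); // server side, as in an FTPS listener
        if (filter.enabledProtocols != null) {
            engine.setEnabledProtocols(filter.enabledProtocols);
        }
        return engine;
    }

    // Enabled protocols that the operator did not ask for.
    static List<String> outsideAllowList(SSLEngine engine, String[] allowed) {
        List<String> extra = new ArrayList<>(Arrays.asList(engine.getEnabledProtocols()));
        extra.removeAll(Arrays.asList(allowed));
        return extra;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);
        String[] configured = {"TLSv1.2"}; // constructed sample setting
        // Listener forgets to copy the setting: engine keeps the JDK defaults.
        SSLEngine dropped = buildEngine(ctx, new FilterSettings());
        System.out.println("not propagated, extra protocols: " + outsideAllowList(dropped, configured));
        // Listener copies the setting onto the filter before the engine is built.
        FilterSettings copied = new FilterSettings();
        copied.enabledProtocols = configured;
        SSLEngine restricted = buildEngine(ctx, copied);
        System.out.println("propagated, extra protocols: " + outsideAllowList(restricted, configured));
        if (!outsideAllowList(restricted, configured).isEmpty()) {
            throw new IllegalStateException("engine enables protocols outside the configured list");
        }
    }
}
```

The first line's output depends on the JDK version and its `jdk.tls.disabledAlgorithms` setting, which is why the effective protocol set should be verified against the running listener rather than assumed from configuration.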

       

       


          People

            johnnyv Jonathan Valliere
            roylu Roy Lu