Cyberduck Mountain Duck CLI

Opened on Jul 12, 2013 at 12:21:06 PM

Closed on Jul 13, 2013 at 9:44:57 AM

Last modified on Nov 24, 2013 at 9:42:15 PM

#7344 closed defect (fixed)

Support ECHDE cipher suites

Reported by: wwwpixime Owned by:
Priority: normal Milestone: 4.4
Component: webdav Version: 4.3.1
Severity: normal Keywords:
Cc: Architecture:
Platform:

Description (last modified by wwwpixime)

Here's my Apache/2.4.4 (FreeBSD) OpenSSL/1.0.1e configuration: 

SSLProtocol -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA

here's the target WebDAV/S resource: 

URL: https://teban.pixi.me
Remote Path: /w/webdav/
Username: webdav
Password: webdav

When I attempt to connect, I get the following error from Cyberduck 4.3.1 

 I/O Error: Connection failed, Received fatal alert: handshake_failure.

So my questions are as follows:

  1. is SSLv3 a requirement for Cyberduck to connect with an HTTPS endpoint?
  2. does it / will it support ECHDE ciphersuites alongside TLSv1-1.2 protocols?

Please advise, thank you!

Change History (6)

comment:1 Changed on Jul 12, 2013 at 12:25:33 PM by wwwpixime

  • Description modified (diff)

comment:2 Changed on Jul 13, 2013 at 9:44:57 AM by dkocher

  • Component changed from core to webdav
  • Milestone set to 4.4
  • Resolution set to fixed
  • Status changed from new to closed
  • Summary changed from WebDAV over HTTPS issue to Support ECHDE cipher suites

The negotiation works here with the latest snapshot build as these builds have an updated SSL stack. 

HEAD /w/webdav/ HTTP/1.1
Host: teban.pixi.me
Connection: Keep-Alive
User-Agent: Cyberduck/4.4 (Mac OS X/10.8.4) (x86_64)
Authorization: Basic d2ViZGF2OndlYmRhdg==
HTTP/1.1 403 Forbidden
Date: Sat, 13 Jul 2013 09:41:48 GMT
Server: Apache
Keep-Alive: timeout=6
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
PROPFIND /w/webdav/ HTTP/1.1
Depth: 1
Content-Type: text/xml; charset=utf-8
Content-Length: 0
Host: teban.pixi.me
Connection: Keep-Alive
User-Agent: Cyberduck/4.4 (Mac OS X/10.8.4) (x86_64)
Authorization: Basic d2ViZGF2OndlYmRhdg==
HTTP/1.1 403 Forbidden
Date: Sat, 13 Jul 2013 09:41:48 GMT
Server: Apache
Content-Length: 1
Keep-Alive: timeout=6
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

comment:3 follow-up: Changed on Jul 13, 2013 at 1:51:02 PM by wwwpixime

hi David,

Thank you for adding support for ECHDE ciphers with the latest build. I was able to test it with Cyberduck-11917.tar - the only issue I have now is why my uploads still end up as 0-bytes even when the Cyberduck GUI verified with an "upload complete" notice?

on the backup, Apache logs the PUT request as 200 (success) with 663 bytes out, 390 bytes in but the actual filesize is 139KB 

x.x.x.x teban.pixi.me [13/Jul/2013:09:37:25 -0400] webdav "PUT /w/webdav/sjjsk/telma-042313-filtered1.jpg HTTP/1.1" 200 663 390 "-" "Cyberduck/4.4 (Mac OS X/10.7.5) (x86_64)"


x.x.x.x teban.pixi.me [13/Jul/2013:09:37:25 -0400] webdav "PROPFIND /w/webdav/sjjsk/ HTTP/1.1" 207 711 3184 "-" "Cyberduck/4.4 (Mac OS X/10.7.5) (x86_64)"

All other WebDAV/S clients I've tested except Cyberduck works, even curl works with 

curl -u webdav:webdav -T /path/to/local/filename https://teban.pixi.me/w/webdav/

I will pay for a license from the Mac App Store if I can get this working somehow. Please advise, thank you!

comment:4 in reply to: ↑ 3 Changed on Jul 15, 2013 at 6:55:07 PM by dkocher

Replying to wwwpixime:

hi David,

Thank you for adding support for ECHDE ciphers with the latest build. I was able to test it with Cyberduck-11917.tar - the only issue I have now is why my uploads still end up as 0-bytes even when the Cyberduck GUI verified with an "upload complete" notice?

on the backup, Apache logs the PUT request as 200 (success) with 663 bytes out, 390 bytes in but the actual filesize is 139KB 

x.x.x.x teban.pixi.me [13/Jul/2013:09:37:25 -0400] webdav "PUT /w/webdav/sjjsk/telma-042313-filtered1.jpg HTTP/1.1" 200 663 390 "-" "Cyberduck/4.4 (Mac OS X/10.7.5) (x86_64)"


x.x.x.x teban.pixi.me [13/Jul/2013:09:37:25 -0400] webdav "PROPFIND /w/webdav/sjjsk/ HTTP/1.1" 207 711 3184 "-" "Cyberduck/4.4 (Mac OS X/10.7.5) (x86_64)"

All other WebDAV/S clients I've tested except Cyberduck works, even curl works with 

curl -u webdav:webdav -T /path/to/local/filename https://teban.pixi.me/w/webdav/

I will pay for a license from the Mac App Store if I can get this working somehow. Please advise, thank you!

This is an entirely different issue caused by a regression in current unstable snapshot builds. Can you replicate this with build r11968 or later? Then please find any related output in the system.log (/Applications/Utilities/Console.app).

comment:5 follow-up: Changed on Nov 24, 2013 at 6:47:05 PM by wwwpixime

just confirming ECDHE support is working for Mac OS X (latest built) - but the Windows build only supports RC4-SHA (latest build)

comment:6 in reply to: ↑ 5 Changed on Nov 24, 2013 at 9:42:15 PM by dkocher

Replying to wwwpixime:

just confirming ECDHE support is working for Mac OS X (latest built) - but the Windows build only supports RC4-SHA (latest build)

In #7637.

Note: See TracTickets for help on using tickets.