Opened on Nov 24, 2013 at 6:59:42 PM
Closed on Jan 17, 2014 at 11:17:19 AM
Last modified on Jan 23, 2014 at 9:43:30 PM
#7637 closed enhancement (fixed)
TLS 1.1-1.2 support (better, secure protocols)
Reported by: | wwwpixime | Owned by: | dkocher |
---|---|---|---|
Priority: | lowest | Milestone: | 4.4.4 |
Component: | core | Version: | 4.4.2 |
Severity: | normal | Keywords: | |
Cc: | Architecture: | ||
Platform: |
Description (last modified by wwwpixime)
hi David,
This feature request may not be on demand, but I'll just propose this hoping it will be reconsidered in the future versions.
I've setup 5 public WebDAV targets for developer testing (Login: webdav/webdav)
- https://dav.pixi.me/ (no SSLv3, supports TLSv1-1.2 - Apache/mod_dav framework)
- https://tlsv11.pixi.me/ (no SSLv3, supports TLSv1.1 only -Apache/mod_dav framework)
- https://tlsv12.pixi.me/ (no SSLv3, supports TLSv1.2 only - Apache/mod_dav framework)
- http://dav.negimaki.com/ (no SSL/TLS required - Apache/mod_dav framework)
- https://g2.pixi.me/w/webdav/ (no SSLv3, supports TLSv1-1.2 - Gallery 2 WebDAV module framework) - uploads will render 0 bytes because Cyberduck only supports certain types of WebDAV frameworks, mainly Apache/mod_dav
ciphers we use (in Server preferred order):
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-RC4-SHA
- ECDHE-RSA-AES256-SHA384
- ECDHE-RSA-AES128-SHA256
- ECDHE-RSA-AES128-SHA
- RC4-SHA
Per target, my testing involves these actions:
- upload/rename/delete files of various types (image, docs, pdfs)
- upload/rename/delete/move folders
I'll update the entry for Cyberduck (both platforms) in https://pixi.me/webdav.php#matrix whenever these enhancement request will get implemented in the future.
Thanks again!
Best regards,
Steve Caturan
Change History (15)
comment:1 Changed on Nov 24, 2013 at 7:01:35 PM by wwwpixime
- Description modified (diff)
comment:2 Changed on Nov 25, 2013 at 12:44:10 PM by dkocher
- Milestone set to 4.5
- Owner set to dkocher
- Status changed from new to assigned
comment:3 Changed on Nov 25, 2013 at 1:04:31 PM by dkocher
comment:4 Changed on Nov 25, 2013 at 1:05:20 PM by dkocher
Fix use of custom SSL socket configuration in r14101.
comment:5 Changed on Nov 25, 2013 at 1:33:59 PM by dkocher
- Resolution set to fixed
- Status changed from assigned to closed
In r14103.
comment:6 Changed on Nov 25, 2013 at 3:59:56 PM by dkocher
Please test with the latest snapshot build available.
comment:7 Changed on Nov 25, 2013 at 4:01:30 PM by dkocher
We have tests added in r14103 but do not assert the protocol versions.
comment:8 follow-up: ↓ 9 Changed on Nov 25, 2013 at 4:17:27 PM by wwwpixime
Thank you for implementing this enhancement, I didn't expect it this quick. I can confirm that Cyberduck 4.4.x build 14107 supports TLSv1.2, TLSv1.1 and TLSv1.0 on Apache 2.4.6/mod_ssl OpenSSL/1.0.1e
comment:9 in reply to: ↑ 8 Changed on Nov 25, 2013 at 4:18:20 PM by dkocher
Replying to wwwpixime:
Thank you for implementing this enhancement, I didn't expect it this quick. I can confirm that Cyberduck 4.4.x build 14107 supports TLSv1.2, TLSv1.1 and TLSv1.0 on Apache 2.4.6/mod_ssl OpenSSL/1.0.1e
Thanks for your testing and interoperability matrix!
comment:10 Changed on Nov 26, 2013 at 9:17:46 PM by dkocher
- Milestone changed from 4.5 to 4.4.3
comment:11 follow-up: ↓ 13 Changed on Nov 28, 2013 at 12:59:29 PM by dkocher
TLSv1.2 is currently known not work (handshake failure) in the Windows version.
comment:12 Changed on Jan 14, 2014 at 7:52:07 AM by dkocher
- Milestone changed from 4.4.3 to 4.4.4
- Resolution fixed deleted
- Status changed from closed to reopened
comment:13 in reply to: ↑ 11 Changed on Jan 16, 2014 at 1:51:26 PM by dkocher
Replying to dkocher:
TLSv1.2 is currently known not work (handshake failure) in the Windows version.
Caused by missing ECDHE ciphers.
comment:14 Changed on Jan 17, 2014 at 11:17:19 AM by yla
- Resolution set to fixed
- Status changed from reopened to closed
comment:15 Changed on Jan 23, 2014 at 9:43:30 PM by dkocher
#7760 closed as duplicate.
SunJSSE Provider