Cyberduck
Mountain Duck
CLI#7637 closed enhancement (fixed)
TLS 1.1-1.2 support (better, secure protocols)
| Reported by: | wwwpixime | Owned by: | dkocher |
|---|---|---|---|
| Priority: | lowest | Milestone: | 4.4.4 |
| Component: | core | Version: | 4.4.2 |
| Severity: | normal | Keywords: | |
| Cc: | Architecture: | ||
| Platform: |
Description (last modified by wwwpixime)
hi David,
This feature request may not be on demand, but I'll just propose this hoping it will be reconsidered in the future versions.
I've setup 5 public WebDAV targets for developer testing (Login: webdav/webdav)
- https://dav.pixi.me/ (no SSLv3, supports TLSv1-1.2 - Apache/mod_dav framework)
- https://tlsv11.pixi.me/ (no SSLv3, supports TLSv1.1 only -Apache/mod_dav framework)
- https://tlsv12.pixi.me/ (no SSLv3, supports TLSv1.2 only - Apache/mod_dav framework)
- http://dav.negimaki.com/ (no SSL/TLS required - Apache/mod_dav framework)
- https://g2.pixi.me/w/webdav/ (no SSLv3, supports TLSv1-1.2 - Gallery 2 WebDAV module framework) - uploads will render 0 bytes because Cyberduck only supports certain types of WebDAV frameworks, mainly Apache/mod_dav
ciphers we use (in Server preferred order):
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-RC4-SHA
- ECDHE-RSA-AES256-SHA384
- ECDHE-RSA-AES128-SHA256
- ECDHE-RSA-AES128-SHA
- RC4-SHA
Per target, my testing involves these actions:
- upload/rename/delete files of various types (image, docs, pdfs)
- upload/rename/delete/move folders
I'll update the entry for Cyberduck (both platforms) in https://pixi.me/webdav.php#matrix whenever these enhancement request will get implemented in the future.
Thanks again!
Best regards,
Steve Caturan
Change History (15)
comment:1 Changed 5 years ago by wwwpixime
- Description modified (diff)
comment:2 Changed 5 years ago by dkocher
- Milestone set to 4.5
- Owner set to dkocher
- Status changed from new to assigned
comment:3 Changed 5 years ago by dkocher
comment:4 Changed 5 years ago by dkocher
Fix use of custom SSL socket configuration in r14101.
comment:5 Changed 5 years ago by dkocher
- Resolution set to fixed
- Status changed from assigned to closed
In r14103.
comment:6 Changed 5 years ago by dkocher
Please test with the latest snapshot build available.
comment:7 Changed 5 years ago by dkocher
We have tests added in r14103 but do not assert the protocol versions.
comment:8 follow-up: ↓ 9 Changed 5 years ago by wwwpixime
Thank you for implementing this enhancement, I didn't expect it this quick. I can confirm that Cyberduck 4.4.x build 14107 supports TLSv1.2, TLSv1.1 and TLSv1.0 on Apache 2.4.6/mod_ssl OpenSSL/1.0.1e
comment:9 in reply to: ↑ 8 Changed 5 years ago by dkocher
Replying to wwwpixime:
Thank you for implementing this enhancement, I didn't expect it this quick. I can confirm that Cyberduck 4.4.x build 14107 supports TLSv1.2, TLSv1.1 and TLSv1.0 on Apache 2.4.6/mod_ssl OpenSSL/1.0.1e
Thanks for your testing and interoperability matrix!
comment:10 Changed 5 years ago by dkocher
- Milestone changed from 4.5 to 4.4.3
comment:11 follow-up: ↓ 13 Changed 5 years ago by dkocher
TLSv1.2 is currently known not work (handshake failure) in the Windows version.
comment:12 Changed 5 years ago by dkocher
- Milestone changed from 4.4.3 to 4.4.4
- Resolution fixed deleted
- Status changed from closed to reopened
comment:13 in reply to: ↑ 11 Changed 5 years ago by dkocher
Replying to dkocher:
TLSv1.2 is currently known not work (handshake failure) in the Windows version.
Caused by missing ECDHE ciphers.
comment:14 Changed 5 years ago by yla
- Resolution set to fixed
- Status changed from reopened to closed
comment:15 Changed 5 years ago by dkocher
#7760 closed as duplicate.
SunJSSE Provider