Cyberduck Mountain Duck CLI

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#7637 closed enhancement (fixed)

TLS 1.1-1.2 support (better, secure protocols)

Reported by: wwwpixime Owned by: dkocher
Priority: lowest Milestone: 4.4.4
Component: core Version: 4.4.2
Severity: normal Keywords:
Cc: Architecture:
Platform:

Description (last modified by wwwpixime)

hi David,

This feature request may not be on demand, but I'll just propose this hoping it will be reconsidered in the future versions.

I've setup 5 public WebDAV targets for developer testing (Login: webdav/webdav)

  • https://g2.pixi.me/w/webdav/ (no SSLv3, supports TLSv1-1.2 - Gallery 2 WebDAV module framework) - uploads will render 0 bytes because Cyberduck only supports certain types of WebDAV frameworks, mainly Apache/mod_dav

ciphers we use (in Server preferred order):

  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-RC4-SHA
  • ECDHE-RSA-AES256-SHA384
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-RSA-AES128-SHA
  • RC4-SHA

Per target, my testing involves these actions:

  • upload/rename/delete files of various types (image, docs, pdfs)
  • upload/rename/delete/move folders

I'll update the entry for Cyberduck (both platforms) in https://pixi.me/webdav.php#matrix whenever these enhancement request will get implemented in the future.

Thanks again!

Best regards,

Steve Caturan

Change History (15)

comment:1 Changed 4 years ago by wwwpixime

  • Description modified (diff)

comment:2 Changed 4 years ago by dkocher

  • Milestone set to 4.5
  • Owner set to dkocher
  • Status changed from new to assigned

comment:3 Changed 4 years ago by dkocher

SunJSSE Provider

1Although SunJSSE in the Java SE 7 release supports TLS 1.1 and TLS 1.2, neither version is enabled by default for client connections. Some servers do not implement forward compatibility correctly and refuse to talk to TLS 1.1 or TLS 1.2 clients. For interoperability, SunJSSE does not enable TLS 1.1 or TLS 1.2 by default for client connections

comment:4 Changed 4 years ago by dkocher

Fix use of custom SSL socket configuration in r14101.

comment:5 Changed 4 years ago by dkocher

  • Resolution set to fixed
  • Status changed from assigned to closed

In r14103.

comment:6 Changed 4 years ago by dkocher

Please test with the latest snapshot build available.

comment:7 Changed 4 years ago by dkocher

We have tests added in r14103 but do not assert the protocol versions.

comment:8 follow-up: Changed 4 years ago by wwwpixime

Thank you for implementing this enhancement, I didn't expect it this quick. I can confirm that Cyberduck 4.4.x build 14107 supports TLSv1.2, TLSv1.1 and TLSv1.0 on Apache 2.4.6/mod_ssl OpenSSL/1.0.1e

comment:9 in reply to: ↑ 8 Changed 4 years ago by dkocher

Replying to wwwpixime:

Thank you for implementing this enhancement, I didn't expect it this quick. I can confirm that Cyberduck 4.4.x build 14107 supports TLSv1.2, TLSv1.1 and TLSv1.0 on Apache 2.4.6/mod_ssl OpenSSL/1.0.1e

Thanks for your testing and interoperability matrix!

comment:10 Changed 4 years ago by dkocher

  • Milestone changed from 4.5 to 4.4.3

comment:11 follow-up: Changed 4 years ago by dkocher

TLSv1.2 is currently known not work (handshake failure) in the Windows version.

comment:12 Changed 4 years ago by dkocher

  • Milestone changed from 4.4.3 to 4.4.4
  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:13 in reply to: ↑ 11 Changed 4 years ago by dkocher

Replying to dkocher:

TLSv1.2 is currently known not work (handshake failure) in the Windows version.

Caused by missing ECDHE ciphers.

comment:14 Changed 4 years ago by yla

  • Resolution set to fixed
  • Status changed from reopened to closed

In r14216. A new snapshot build is available.

Last edited 4 years ago by dkocher (previous) (diff)

comment:15 Changed 4 years ago by dkocher

#7760 closed as duplicate.

Note: See TracTickets for help on using tickets.
swiss made software