Cyberduck Mountain Duck CLI

#7637 closed enhancement (fixed)

TLS 1.1-1.2 support (better, secure protocols)

Reported by: wwwpixime Owned by: dkocher
Priority: lowest Milestone: 4.4.4
Component: core Version: 4.4.2
Severity: normal Keywords:
Cc: Architecture:
Platform:

Description (last modified by wwwpixime)

hi David,

This feature request may not be on demand, but I'll just propose this hoping it will be reconsidered in the future versions.

I've setup 5 public WebDAV targets for developer testing (Login: webdav/webdav)

  • https://g2.pixi.me/w/webdav/ (no SSLv3, supports TLSv1-1.2 - Gallery 2 WebDAV module framework) - uploads will render 0 bytes because Cyberduck only supports certain types of WebDAV frameworks, mainly Apache/mod_dav

ciphers we use (in Server preferred order):

  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-RC4-SHA
  • ECDHE-RSA-AES256-SHA384
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-RSA-AES128-SHA
  • RC4-SHA

Per target, my testing involves these actions:

  • upload/rename/delete files of various types (image, docs, pdfs)
  • upload/rename/delete/move folders

I'll update the entry for Cyberduck (both platforms) in https://pixi.me/webdav.php#matrix whenever these enhancement request will get implemented in the future.

Thanks again!

Best regards,

Steve Caturan

Change History (15)

comment:1 Changed on Nov 24, 2013 at 7:01:35 PM by wwwpixime

  • Description modified (diff)

comment:2 Changed on Nov 25, 2013 at 12:44:10 PM by dkocher

  • Milestone set to 4.5
  • Owner set to dkocher
  • Status changed from new to assigned

comment:3 Changed on Nov 25, 2013 at 1:04:31 PM by dkocher

SunJSSE Provider

1Although SunJSSE in the Java SE 7 release supports TLS 1.1 and TLS 1.2, neither version is enabled by default for client connections. Some servers do not implement forward compatibility correctly and refuse to talk to TLS 1.1 or TLS 1.2 clients. For interoperability, SunJSSE does not enable TLS 1.1 or TLS 1.2 by default for client connections

comment:4 Changed on Nov 25, 2013 at 1:05:20 PM by dkocher

Fix use of custom SSL socket configuration in r14101.

comment:5 Changed on Nov 25, 2013 at 1:33:59 PM by dkocher

  • Resolution set to fixed
  • Status changed from assigned to closed

In r14103.

comment:6 Changed on Nov 25, 2013 at 3:59:56 PM by dkocher

Please test with the latest snapshot build available.

comment:7 Changed on Nov 25, 2013 at 4:01:30 PM by dkocher

We have tests added in r14103 but do not assert the protocol versions.

comment:8 follow-up: Changed on Nov 25, 2013 at 4:17:27 PM by wwwpixime

Thank you for implementing this enhancement, I didn't expect it this quick. I can confirm that Cyberduck 4.4.x build 14107 supports TLSv1.2, TLSv1.1 and TLSv1.0 on Apache 2.4.6/mod_ssl OpenSSL/1.0.1e

comment:9 in reply to: ↑ 8 Changed on Nov 25, 2013 at 4:18:20 PM by dkocher

Replying to wwwpixime:

Thank you for implementing this enhancement, I didn't expect it this quick. I can confirm that Cyberduck 4.4.x build 14107 supports TLSv1.2, TLSv1.1 and TLSv1.0 on Apache 2.4.6/mod_ssl OpenSSL/1.0.1e

Thanks for your testing and interoperability matrix!

comment:10 Changed on Nov 26, 2013 at 9:17:46 PM by dkocher

  • Milestone changed from 4.5 to 4.4.3

comment:11 follow-up: Changed on Nov 28, 2013 at 12:59:29 PM by dkocher

TLSv1.2 is currently known not work (handshake failure) in the Windows version.

comment:12 Changed on Jan 14, 2014 at 7:52:07 AM by dkocher

  • Milestone changed from 4.4.3 to 4.4.4
  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:13 in reply to: ↑ 11 Changed on Jan 16, 2014 at 1:51:26 PM by dkocher

Replying to dkocher:

TLSv1.2 is currently known not work (handshake failure) in the Windows version.

Caused by missing ECDHE ciphers.

comment:14 Changed on Jan 17, 2014 at 11:17:19 AM by yla

  • Resolution set to fixed
  • Status changed from reopened to closed

In r14216 and r14217. A new snapshot build is available.

Version 0, edited on Jan 17, 2014 at 11:17:19 AM by yla (next)

comment:15 Changed on Jan 23, 2014 at 9:43:30 PM by dkocher

#7760 closed as duplicate.

Note: See TracTickets for help on using tickets.
swiss made software