I'm posting to reach out if anyone has had an occurrence of the BEAST vulnerability within version 0.9.60beta, showing up with an internal scan reflecting Negotiated cipher suite: AES256-SHA|TLSv1|Kx=RSA|Au=RSA|Enc=AES-CBC(256)|Mac=SHA1 off TLS port 990.
This is showing a vulnerability and I find no record to remediate this - I believe if AES 256 is turned off FileZilla will no longer work.
Any input will be much appreciated.
Beast vulnerability found in FileZilla
-
- 500 Command not understood
- Posts: 2
- Joined: 2020-05-06 23:09
- First name: Timothy
- Last name: Patterson
Re: Beast vulnerability found in FileZilla
You can disable TLSv1 by setting the "Minimum TLS version" in FileZilla Server.xml to 1 or 2, to require at least TLSv1.1 or 1.2 respectively.
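The scan finding from the first post, checked against the setting described in this reply, as an added example that is not part of the original thread or FileZilla's code. It parses the scanner's pipe-delimited cipher line and shows that the finding depends on the TLSv1 protocol plus a CBC cipher, not on AES-256 itself; the function names and the second sample line are constructed for illustration.

```python
# Added example, not from the thread. BEAST applies when a CBC-mode cipher
# is negotiated under SSLv3 or TLSv1.0; TLSv1.1+ use explicit per-record IVs.
BEAST_PROTOCOLS = {"SSLv3", "TLSv1"}
PROTOCOL_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
# "Minimum TLS version" values exactly as given in the reply above.
MIN_TLS_SETTING = {1: "TLSv1.1", 2: "TLSv1.2"}

# Finding quoted in the first post.
SCAN_LINE = ("Negotiated cipher suite: "
             "AES256-SHA|TLSv1|Kx=RSA|Au=RSA|Enc=AES-CBC(256)|Mac=SHA1")
# Constructed sample: same suite as it would be reported under TLSv1.2.
RESCAN_LINE = "AES256-SHA|TLSv1.2|Kx=RSA|Au=RSA|Enc=AES-CBC(256)|Mac=SHA1"


def parse_finding(line):
    """Split 'NAME|PROTO|Kx=..|Au=..|Enc=..|Mac=..' into a dict."""
    fields = [f.strip() for f in line.rpartition(":")[2].split("|")]
    if len(fields) < 2 or not all(fields[:2]):
        raise ValueError("not a cipher suite finding: %r" % line)
    finding = {"name": fields[0],
               "protocol": fields[1].replace("TLSv1.0", "TLSv1")}
    for field in fields[2:]:
        key, _, value = field.partition("=")
        finding[key.strip().lower()] = value.strip()
    return finding


def is_beast_exposed(finding):
    """True only for a CBC cipher under a pre-TLSv1.1 protocol."""
    return (finding["protocol"] in BEAST_PROTOCOLS
            and "CBC" in finding.get("enc", "").upper())


def still_negotiable(finding, min_tls_setting):
    """Would a server with this minimum still accept the finding's protocol?"""
    floor = PROTOCOL_ORDER.index(MIN_TLS_SETTING[min_tls_setting])
    return PROTOCOL_ORDER.index(finding["protocol"]) >= floor


if __name__ == "__main__":
    for line in (SCAN_LINE, RESCAN_LINE):
        f = parse_finding(line)
        print(f["name"], f["protocol"], "BEAST-exposed:", is_beast_exposed(f),
              "| allowed at setting 1:", still_negotiable(f, 1))
```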
Re: Beast vulnerability found in FileZilla
Thank you Tim, sorry to post on this reply; I couldn't get this uploaded on the main page, and I tried several browsers.
I need to migrate FileZilla Server from one server to another; the version is 0.9.60 beta. I have the same version preinstalled on the new server. I stopped all services, copied the FileZilla Server.xml file over as well as the cert, then started the service on the new server. I see browse is greyed out. I’ve searched the forums and cannot find the solution; could you please assist? I would much appreciate you…..
Re: Beast vulnerability found in FileZilla
You must update to the most recent version of FileZilla; outdated versions are entirely unsupported.