BEAST vulnerability found in FileZilla

#1 Post by yellowrider03 » 2020-05-06 23:16

I'm posting to reach out if anyone has had an occurrence of the Beast vulnerability within the version 0.9.60beta showing up with an internal scan reflecting Negotiated cipher suite: AES256-SHA|TLSv1|Kx=RSA|Au=RSA|Enc=AES-CBC(256)|Mac=SHA1 off TLS port 990.

This is showing a vulnerability and I find no record to remediate this - I believe if AES 256 is turned off FileZilla will no longer work.

Any input will be much appreciated.

#2 Post by botg » 2020-05-07 10:07

You can disable TLSv1 by setting the "Minimum TLS version" in FileZilla Server.xml to 1 or 2, to require at least TLSv1.1 or 1.2 respectively.
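
A way to triage the scanner finding from post #1 against the setting named in post #2, as an added example that is not part of the original thread or of FileZilla: it parses the scanner's cipher-suite line, flags BEAST exposure only when a CBC cipher is negotiated under SSLv3 or TLSv1, and reports the smallest "Minimum TLS version" value that stops that negotiation. The function names, the sample lines after the first, and the meaning of value 0 are assumptions.

```python
# Added example; sample lines other than the first are constructed.
PROTOCOL_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# "Minimum TLS version" values: 1 and 2 are from the reply above;
# 0 meaning "TLSv1 still accepted" is an assumption.
MIN_TLS_SETTING = {0: "TLSv1", 1: "TLSv1.1", 2: "TLSv1.2"}

SAMPLE_FINDINGS = [
    "Negotiated cipher suite: AES256-SHA|TLSv1|Kx=RSA|Au=RSA|Enc=AES-CBC(256)|Mac=SHA1",
    "Negotiated cipher suite: AES256-SHA|TLSv1.2|Kx=RSA|Au=RSA|Enc=AES-CBC(256)|Mac=SHA1",
    "Negotiated cipher suite: ECDHE-RSA-AES256-GCM-SHA384|TLSv1.2|Kx=ECDH|Au=RSA|Enc=AESGCM(256)|Mac=AEAD",
]


def parse_suite(line):
    """Split 'NAME|PROTO|Kx=..|Au=..|Enc=..|Mac=..' into a dict."""
    fields = [f.strip() for f in line.rpartition(": ")[2].split("|")]
    if len(fields) < 2 or fields[1] not in PROTOCOL_ORDER:
        raise ValueError("not a cipher suite line: %r" % line)
    suite = {"name": fields[0], "protocol": fields[1]}
    for field in fields[2:]:
        key, sep, value = field.partition("=")
        if sep:
            suite[key] = value
    return suite


def beast_exposed(suite):
    """BEAST applies to CBC-mode ciphers negotiated under SSLv3 or TLSv1."""
    return suite["protocol"] in ("SSLv3", "TLSv1") and "CBC" in suite.get("Enc", "").upper()


def allowed_by_setting(suite, min_tls_value):
    """True if a server with this minimum version could still negotiate the suite."""
    floor = MIN_TLS_SETTING[min_tls_value]
    return PROTOCOL_ORDER.index(suite["protocol"]) >= PROTOCOL_ORDER.index(floor)


def triage(line):
    """Return (suite name, protocol, BEAST-exposed?, smallest setting that blocks it)."""
    suite = parse_suite(line)
    blocking = [v for v in sorted(MIN_TLS_SETTING) if not allowed_by_setting(suite, v)]
    fix = blocking[0] if beast_exposed(suite) and blocking else None
    return suite["name"], suite["protocol"], beast_exposed(suite), fix


if __name__ == "__main__":
    for finding in SAMPLE_FINDINGS:
        print(triage(finding))
```

The second sample line is the same AES256-SHA suite negotiated under TLSv1.2, which the check does not flag.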

#3 Post by yellowrider03 » 2022-06-02 03:02

Thank you, Tim. Sorry to post in this reply; I couldn't get this uploaded on the main page and tried several browsers.

I need to migrate FileZilla Server from one server to another; the version is 0.9.60 beta. I have the same version preinstalled on the new server. I stopped all services, copied the FileZilla Server.xml file over as well as the cert, then started the service on the new server. I see browse is greyed out. I've searched the forums and cannot find the solution; could you please assist? I would much appreciate you…..

#4 Post by botg » 2022-06-02 07:47

You must update to the most recent version of FileZilla; outdated versions are entirely unsupported.
