FileZilla Forums

I'm posting to reach out if anyone has had an occurrence of the Beast vulnerability within the version 0.9.60beta showing up with an internal scan reflecting Negotiated cipher suite: AES256-SHA|TLSv1|Kx=RSA|Au=RSA|Enc=AES-CBC(256)|Mac=SHA1 off TLS port 990.

This is showing a vulnerability and I find no record to remediate this - I believe if AES 256 is turned off Filezilla will no longer work.

Any input will be much appreciated.

You can disable TLSv1 by setting the "Minimum TLS version" in FileZilla Server.xml to 1 or 2, to require at least TLSv1.1 or 1.2 respectively.