Remove unsecure SHA1 ciphers

Message

Remy64 · #1 Post by **Remy64** » 2021-03-15 23:08

Hello,

On last Filezilla server software (0.9.60.2 beta) there are unsecure ciphers accepted :

DHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-RSA-CAMELLIA128-SHA,DHE-RSA-CAMELLIA256-SHA,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA,AES128-SHA,AES256-SHA,CAMELLIA128-SHA,CAMELLIA256-SHA

There are unsecure because the MAC algorithm is SHA1 which is not secure anymore.

Could you please tell me how I can remove these ciphers ?

Thanks,

Best Regards

#2 Post by **botg** » 2021-03-16 08:23

There is currently no way to do this.

Remy64 · #3 Post by **Remy64** » 2021-03-16 20:51

Thanks for your quick answer.

Maybe I ask too much but is it possible to make a new version like 0.9.60.3 beta with exclusion of this kinds of ciphers by add !SHA to the line 1092 of the file AsyncSslSocketLayer.cpp ?

Like :

pSSL_set_cipher_list(m_ssl, "DEFAULT:!eNULL:!aNULL:!DES:!3DES:!WEAK:!EXP:!LOW:!MD5:!RC4:!SEED:!IDEA:!PSK:!SRP:!SHA");

Instead of :

pSSL_set_cipher_list(m_ssl, "DEFAULT:!eNULL:!aNULL:!DES:!3DES:!WEAK:!EXP:!LOW:!MD5:!RC4:!SEED:!IDEA:!PSK:!SRP");

It's kindly request, you already developped application and I'm happy to use it for free.

If it's possible I'm will be more happy

Have a good day

Best Regards

#4 Post by **boco** » 2021-04-07 15:39

It is not possible to compile a new version of the old server code anymore. To my knowledge, it doesn't compile correctly anymore on a new compiler/linker.

However, there is a completely new server in the works.

FileZilla Forums

Remove unsecure SHA1 ciphers

Remove unsecure SHA1 ciphers

Re: Remove unsecure SHA1 ciphers

Re: Remove unsecure SHA1 ciphers

Re: Remove unsecure SHA1 ciphers