Page 1 of 1

Disable SSLv2

Posted: Wed Jul 07, 2010 12:37 pm
by baptiste
Hi,
Is it possible to disable SSLv2 for encrypted ftps connections ?

Regards

Re: Disable SSLv2

Posted: Wed Jul 07, 2010 5:50 pm
by FTP
It is impossible, has no such option.

Re: Disable SSLv2

Posted: Thu Jul 08, 2010 2:37 pm
by baptiste
SSLv2 protocol is known to have security flaws, it will be nice to have the possibility to set protocols or cyphers that we want to use (or disable) for encrypted connections.

Re: Disable SSLv2

Posted: Thu Jul 08, 2010 4:05 pm
by FTP
We know it, so we decide to allow SSLv3 only in the next version. SSLv2 like chicken ribs, very few client will use it.

Re: Disable SSLv2

Posted: Fri Jul 09, 2010 2:17 pm
by baptiste
Ok,
I have asked this question because we must pass security audit and it's mandatory to avoid SSLv2 on all services on our network to be compliant.

Do you know when the next version of wftpd will be out and this version will be 'compatible' licence bought for current version ?

Re: Disable SSLv2

Posted: Fri Jul 09, 2010 5:34 pm
by FTP
Finally we decide to add an option "disable SSLv2", then you can make a choice whether to disable it.

And new version 3.6.0 will be released in next week.

Re: Disable SSLv2

Posted: Mon Jul 12, 2010 2:01 pm
by baptiste
OK,
Thanks a lot for your reactivity.