We have the above version of FTP2. We are reducing the ciphers on our Secure server to address the logjam issue. When testing, we fail. We have reduced to two ciphers, TLS_RSA_WITH_AES_128_CBC_SHA256 and TLS_RSA_WITH_AES_256_CBC_SHA265

Here is the last of the log

 --LocalMachineRootCertStore
      --cacheClientCerts
      clientHandshake2:
        processAlert:
          TlsAlert:
            level: fatal
            descrip: handshake failure
          --TlsAlert
          passiveClose:
            Passive socket closing complete.
          --passiveClose
        --processAlert
        Failed to read incoming handshake messages. (1)
      --clientHandshake2
    --clientHandshake
    Client handshake failed. (1)
    connectionClosed: 0
  --convertToTls
  Failed to convert channel to SSL/TLS
--authTls
Failed to connect to FTP server.
Failed.

--Connect_Ftp2 --ChilkatLog 220-DMV Secure File Transfer

220- 220- 220 Secure FTP Server ready. AUTH TLS 234 SSLv23/TLSv1 ChilkatLog: ChangeRemoteDir:

asked Aug 10 '15 at 17:09

Toren


Thanks. I was working on reducing ciphers for PCI compliance; through hunt and peck I was able to find an allowable combination.

answered Aug 14 '15 at 18:14

Toren

Care to share what combination worked for you? It might help others with a similar challenge...

(Aug 15 '15 at 18:27) jpbro ♦

Not sure about 9.5.0.21, but the current documentation mentions the following about supported ciphers as of 9.5.0.48. Does it help?

SslAllowedCiphers As String

Introduced in version 9.5.0.48

Provides a means for setting a list of ciphers that are allowed for SSL/TLS connections. The default (empty string) indicates that all implemented ciphers are possible: aes256-cbc, aes128-cbc, 3des-cbc, and rc4. To restrict SSL/TLS connections to one or more specific ciphers, set this property to a comma-separated list of ciphers such as "aes256-cbc, aes128-cbc". The order should be in terms of preference, with the preferred algorithms listed first. The server however, chooses from among the algorithms listed.

Starting in v9.5.0.48, Chilkat will by-default disallow all possible usage of RSA keys that are less than 1024 bits. To allow for 512 bits or above, add "rsa512" to the list of algorithms in the SslAllowedCiphers list. To allow only 2048 bits or above, add "rsa2048" to the list of algorithms. (Adding "rsa1024" chooses the same as the default.)

answered Aug 14 '15 at 08:33

jpbro ♦
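
An added example, not part of the original answers and not Chilkat code: a small Python audit of `SslAllowedCiphers` values against the tokens named in the documentation quoted above. The function name, the weak-cipher set, the 2048-bit policy default, exact-case matching, and the handling of repeated or cipher-less lists are assumptions of this example.

```python
# Tokens exactly as the quoted v9.5.0.48 documentation spells them.
CIPHERS = ("aes256-cbc", "aes128-cbc", "3des-cbc", "rc4")
RSA_MIN = {"rsa512": 512, "rsa1024": 1024, "rsa2048": 2048}
DEFAULT_RSA_BITS = 1024          # docs: keys under 1024 bits are refused by default
WEAK = {"rc4", "3des-cbc"}       # assumption: local policy disallows these


def audit_allowed_ciphers(value, required_rsa_bits=2048):
    """Return (ciphers_in_preference_order, min_rsa_bits, findings)."""
    tokens = [t.strip() for t in value.split(",") if t.strip()]
    ciphers, rsa_bits, findings = [], [], []
    for tok in tokens:
        if tok in CIPHERS:
            if tok not in ciphers:
                ciphers.append(tok)              # first mention sets the preference
        elif tok in RSA_MIN:
            rsa_bits.append(RSA_MIN[tok])
        else:
            # e.g. an IANA suite name, which is not one of the documented tokens
            findings.append(f"unrecognized token {tok!r}")
    if not ciphers:
        # Documented for the empty string; assumed here for lists with no cipher token.
        ciphers = list(CIPHERS)
        findings.append("no cipher restriction: all implemented ciphers possible")
    if len(set(rsa_bits)) > 1:
        findings.append("conflicting RSA key-size tokens")
    # Assumption: with several rsaNNNN tokens, audit against the lowest one.
    min_bits = min(rsa_bits) if rsa_bits else DEFAULT_RSA_BITS
    findings += [f"weak cipher allowed: {c}" for c in ciphers if c in WEAK]
    if min_bits < required_rsa_bits:
        findings.append(
            f"RSA keys of {min_bits} bits accepted (policy: {required_rsa_bits})")
    return ciphers, min_bits, findings


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for sample in ("", "aes256-cbc, aes128-cbc",
                   "aes256-cbc, aes128-cbc, rsa2048",
                   "aes128-cbc, rc4, rsa512"):
        ciphers, bits, findings = audit_allowed_ciphers(sample)
        print(f"{sample!r}: ciphers={ciphers} min_rsa={bits}")
        for f in findings:
            print("   -", f)
```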
