Dear support,
I tried an audit of our WingFTP HTTPS service with this service: https://www.ssllabs.com/ssltest/
With very bad results:
This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.
This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.
This server accepts RC4 cipher, but only with older protocol versions. Grade capped to B.
The server does not support Forward Secrecy with the reference browsers.
I installed the latest release 4.7.8 and FIPS 140-2 Mode is activated.
I am missing the possibilities to configure/deactivate
SSL3, RC4 cipher, weak DH key exchange parameters.
We suppress with group policies that IE browser accepts SSL 2.0, SSL 3.0.
This is maybe the reason why we can't use IE for accessing the HTTPS WingFTP service.
IE 11 & Edge don't support the RC4 cipher anymore: https://support.microsoft.com/en-us/kb/3151631
Due to an IT audit for IDW330 and ISO27000 that we have in the next weeks, we need a
solution really fast.
Kindly regards,
Michael
weak results after an audit of https service
-
- Site Admin
- Posts: 2087
- Joined: Tue Sep 29, 2009 6:09 am
Re: weak results after an audit of https service
When you enable the FIPS 140-2 mode, you need to restart the WingFTP service, did you do it?
-
- Posts: 10
- Joined: Thu May 19, 2016 10:11 am
Re: weak results after an audit of https service
Yes, I restarted the Wing FTP Service after setting this.
Please make it possible to deactivate SSL3, RC4 and the weak DH!
Kindly regards,
michael
-
- Site Admin
- Posts: 2087
- Joined: Tue Sep 29, 2009 6:09 am
Re: weak results after an audit of https service
OK, please stop the WingFTP service first, and then edit the file "Data/settings.xml", replace the following line:
<DisableSSLv3>0</DisableSSLv3>
into:
<DisableSSLv3>1</DisableSSLv3>
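A way to check the setting named in the reply above before restarting the service, as an added example that is not part of the original thread or WingFTP's own tooling. Only the `<DisableSSLv3>` element and the `Data/settings.xml` path come from the thread; the script name, the sample file's root element and `<OtherOption>` are assumptions, and the file is assumed to be UTF-8.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Constructed sample. Only the <DisableSSLv3> element comes from the thread;
# the root element and <OtherOption> are placeholders (assumptions).
SAMPLE_SETTINGS = """<?xml version="1.0" ?>
<SETTINGS_PLACEHOLDER>
    <OtherOption>1</OtherOption>
    <DisableSSLv3>0</DisableSSLv3>
</SETTINGS_PLACEHOLDER>
"""

_VALUE = re.compile(r"(<DisableSSLv3>)[^<]*(</DisableSSLv3>)")


def sslv3_status(xml_text):
    """Return 'disabled', 'enabled' or 'missing' for the DisableSSLv3 setting."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    values = [(el.text or "").strip() for el in root.iter("DisableSSLv3")]
    if not values:
        return "missing"
    # Conservative: any occurrence other than 1 is reported as enabled.
    return "disabled" if all(v == "1" for v in values) else "enabled"


def set_disable_sslv3(xml_text):
    """Set every DisableSSLv3 value to 1, leaving the rest of the file as is."""
    return _VALUE.sub(r"\g<1>1\g<2>", xml_text)


if __name__ == "__main__":
    # Usage (hypothetical script name), with the service stopped:
    #   python check_sslv3.py Data/settings.xml
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_SETTINGS
    status = sslv3_status(text)
    print("DisableSSLv3:", status)
    if status == "enabled":
        print("after edit:", sslv3_status(set_disable_sslv3(text)))
```

If this reports `disabled` and an external scanner still flags SSL 3, confirm that the scanner reached this server's address.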
-
- Posts: 10
- Joined: Thu May 19, 2016 10:11 am
Re: weak results after an audit of https service
This line was already <DisableSSLv3>1</DisableSSLv3>, I didn't have to change it.
Kindly regards,
Michael
-
- Site Admin
- Posts: 2087
- Joined: Tue Sep 29, 2009 6:09 am
Re: weak results after an audit of https service
Not possible, please send your server details (such as server address) via email.
-
- Posts: 10
- Joined: Thu May 19, 2016 10:11 am
Re: weak results after an audit of https service
Dear FTP,
thank you very much for your visit on my WingFTP server.
Your hint to find out the root of the wrong HTTP server header was right.
I made a heavy mistake and used the wrong external IP address.
After fixing this, the WingFTP Service reports the right header and ssllabs gives an A rating now.
Kindly regards,
michael