WatchDirectory home page
WatchDirectory Startseite (Deutsche Version)
Site WatchDirectory (Français)
  Welcome, Guest. Please Login or Register
YaBB - Yet another Bulletin Board
   
  HomeHelpSearchLoginRegister  
 
Page Index Toggle Pages: 1
sftp ciphers and MACs (Read 166 times)
m.feldspar
YaBB Newbies
*
Offline



Posts: 9
sftp ciphers and MACs
Oct 27th, 2017 at 5:21pm
 
We use the ftp plugin to uploads files to a customer. The customer has informed us that they will be removing from their ftp site "the following weak ciphers and MACs: "

•         aes256-cbc
•         aes128-cbc
•         cast128-cbc
•         hmac-md5

The client suggest we upgrade to use these:
•         aes256-ctr
•         aes192-ctr
•         aes128-ctr
•         hmac-sha1

Does WD support these new ciphers & MACs and will out ftp uploads continue to function when the client makes this change? Are there things we need to do to continue using WD for our ftp uploads.

Thanks
Back to top
 
 
IP Logged
 
Gert
YaBB Administrator
*****
Offline



Posts: 2233
The Netherlands
Re: sftp ciphers and MACs
Reply #1 - Oct 28th, 2017 at 3:16pm
 
Hi,

Make sure you run the current (latest) WD release, it has updated support for all current encryptions.
Back to top
 

Gert Rijs - gert (at) gdpsoftware (dot) com
Blog: http://blog-en.gdpsoftware.com/
End Alzheimer's: http://www.alz.org&&...
WWW WWW GdPSoftware  
IP Logged
 
m.feldspar
YaBB Newbies
*
Offline



Posts: 9
Re: sftp ciphers and MACs
Reply #2 - Oct 30th, 2017 at 9:14pm
 
Due to an excess of caution my boss is hesitant to upgrade. Can you tell me what version(s) support the newer ciphers? We appear to be running 4.9.0.

Thanks.
Back to top
 
 
IP Logged
 
Gert
YaBB Administrator
*****
Offline



Posts: 2233
The Netherlands
Re: sftp ciphers and MACs
Reply #3 - Oct 31st, 2017 at 8:45am
 
4.9.0 is 2.5 years old, see http://www.watchdirectory.net/wdhelp/help/wdcc_version_history.html

Note that upgrading to the current release is free, just make sure to accept all defaults during install of the evaluation download and it will "see" your current tasks and license information.
Back to top
 

Gert Rijs - gert (at) gdpsoftware (dot) com
Blog: http://blog-en.gdpsoftware.com/
End Alzheimer's: http://www.alz.org&&...
WWW WWW GdPSoftware  
IP Logged
 
m.feldspar
YaBB Newbies
*
Offline



Posts: 9
Re: sftp ciphers and MACs
Reply #4 - Nov 1st, 2017 at 10:46pm
 
Yes, i know but bosses have to be bosses....

I convinced him to upgrade. Now we have this problem. The client continues to support the old ciphers and WD seems to choose to use the old ciphers. One would assume that if they offer the old ciphers we would be free to use them, but not so. The client wants us to prioritize use of the newer ciphers. Is there anyway to do that?
Back to top
 
 
IP Logged
 
m.feldspar
YaBB Newbies
*
Offline



Posts: 9
Re: sftp ciphers and MACs
Reply #5 - Nov 3rd, 2017 at 7:05pm
 
Is there anyway to prioritize the order in which the ciphers are selected for use?
Back to top
 
 
IP Logged
 
Gert
YaBB Administrator
*****
Offline



Posts: 2233
The Netherlands
Re: sftp ciphers and MACs
Reply #6 - Nov 4th, 2017 at 9:49am
 
I will have to look into it if the FTP library used by WD supports that. If it does, we can change WD to give you an option which cipher it will use.

Back to top
 

Gert Rijs - gert (at) gdpsoftware (dot) com
Blog: http://blog-en.gdpsoftware.com/
End Alzheimer's: http://www.alz.org&&...
WWW WWW GdPSoftware  
IP Logged
 
Gert
YaBB Administrator
*****
Offline



Posts: 2233
The Netherlands
Re: sftp ciphers and MACs
Reply #7 - Nov 4th, 2017 at 10:33am
 
It looks like currently WD offers this encryptionlist to the SFTP server:
aes192-cbc
aes192-ctr
3des-cbc
blowfish-cbc
aes128-cbc
aes128-ctr
aes256-cbc
aes256-ctr
rijndael128-cbc
rijndael192-cbc
rijndael256-cbc
rijndael-cbc@lysator.liu.se
des-cbc
des-cbc@ssh.com

and this hmac list (digest algorithms):
hmac-sha2-256
hmac-sha2-512
hmac-sha1
hmac-sha1-96
hmac-md5
none

(and a very long list of SSL ciphers for FTPS connections).

In the order above. The first one that matches an encryption offered by the server will be chosen. I will get you a beta where you can reorder or change the above lists. Probably early next week.
Back to top
 

Gert Rijs - gert (at) gdpsoftware (dot) com
Blog: http://blog-en.gdpsoftware.com/
End Alzheimer's: http://www.alz.org&&...
WWW WWW GdPSoftware  
IP Logged
 
Page Index Toggle Pages: 1