As I am a drftpd developer I thought I'd comment on the problem with ciphers over a certain length. As you probably know drftpd is written in Java, the standard Java runtime/SDK downloads from Sun ship with limitations to the encryption strength they support (due to US government export controls if I remember correctly).
I expect the site(s) you were testing were running a standard Java runtime for the drftpd daemon, if the site installed the export cryptography addon into their Java runtime then I would expect to find that that the key length restriction disappears and higher strength ciphers are now permitted.
|