FlashFXP Forums - View Single Post

bigstar · 12-17-2015, 12:06 PM

The problem is caused by the SecureBlackBox library used by FlashFXP and FileCOPA

When SecureBlackBox added support for AES-GSM encryption they added it using the RFC standard, then they added support for AES-GSM@openssh.com which is a variant of the RFC standard, at the same time they back-tracked on the original AES-GSM encryption code and changed it to use the @openssh.com variant breaking interpolation between the client and server.

The issue was quickly resolved in the next SecureBlackBox update.

The problem is that last time I checked FileCOPA was still using an older edition of the SecureBlackBox library. I attempted to contact the developer of FileCOPA to discuss this serious issue but they never responded.

You can work around the problem in FlashFXP by unchecking the aes256-gsm and aes128-gsm ciphers via the Site Manager / SFTP tab. Or if you prefer to turn it off globally you can via the Preferences dialog / SFTP Encryption. This will turn off these bugged ciphers and allow FlashFXP to use another compatible cipher.

GCM mode ciphers provide both privacy (encryption) and integrity (MAC), Since the MAC is defined by the cipher its implicit. Other ciphers only provide encryption and the MAC is calculated in a separate step.

12-17-2015, 12:06 PM
bigstar FlashFXP Developer Join Date: Oct 2001 Posts: 8,012	The problem is caused by the SecureBlackBox library used by FlashFXP and FileCOPA When SecureBlackBox added support for AES-GSM encryption they added it using the RFC standard, then they added support for AES-GSM@openssh.com which is a variant of the RFC standard, at the same time they back-tracked on the original AES-GSM encryption code and changed it to use the @openssh.com variant breaking interpolation between the client and server. The issue was quickly resolved in the next SecureBlackBox update. The problem is that last time I checked FileCOPA was still using an older edition of the SecureBlackBox library. I attempted to contact the developer of FileCOPA to discuss this serious issue but they never responded. You can work around the problem in FlashFXP by unchecking the aes256-gsm and aes128-gsm ciphers via the Site Manager / SFTP tab. Or if you prefer to turn it off globally you can via the Preferences dialog / SFTP Encryption. This will turn off these bugged ciphers and allow FlashFXP to use another compatible cipher. GCM mode ciphers provide both privacy (encryption) and integrity (MAC), Since the MAC is defined by the cipher its implicit. Other ciphers only provide encryption and the MAC is calculated in a separate step.