FlashFXP Forums - View Single Post

bigstar · 12-29-2015, 04:45 PM

For whatever reason I never not get their reply, otherwise I would of replied.

Here's the thing about SBB, unless you explicitly disable a cipher/hmac/kex/etc its most likely allowed by default.

I installed FileCOPA on a VM to show you what I mean, Using the the default configuration with no changes

Below is the handshake info sent from the FileCOPA server to the client.

Cipher list:
3des-cbc,blowfish-cbc,twofish256-cbc,twofish192-cbc,twofish128-cbc,aes256-cbc,aes192-cbc,aes128-cbc,serpent256-cbc,serpent192-cbc,serpent128-cbc,arcfour,idea-cbc,cast128-cbc,des-cbc,arcfour128,arcfour256

MAC list:
hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd,hmac-ripemd160@openssh.com,hmac-sha256@ssh.com,hmac-sha256-96@ssh.com,umac-32@openssh.com,umac-64@openssh.com,umac-96@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,aes128-gcm,aes256-gcm

Now the FileCOPA server is indicating to the client that it supports (via the MAC) aes128-gsm and aes256-gsm, now because gsm ciphers are implicit this also means the cipher is supported too, the way this is handled could also be a bug in SBB too but I am not sure.

But based on this logic SBB comes to the conclusion that aes128-gsm and aes256-gsm are in fact supported.

12-29-2015, 04:45 PM
bigstar FlashFXP Developer Join Date: Oct 2001 Posts: 8,012	For whatever reason I never not get their reply, otherwise I would of replied. Here's the thing about SBB, unless you explicitly disable a cipher/hmac/kex/etc its most likely allowed by default. I installed FileCOPA on a VM to show you what I mean, Using the the default configuration with no changes Below is the handshake info sent from the FileCOPA server to the client. Cipher list: 3des-cbc,blowfish-cbc,twofish256-cbc,twofish192-cbc,twofish128-cbc,aes256-cbc,aes192-cbc,aes128-cbc,serpent256-cbc,serpent192-cbc,serpent128-cbc,arcfour,idea-cbc,cast128-cbc,des-cbc,arcfour128,arcfour256 MAC list: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd,hmac-ripemd160@openssh.com,hmac-sha256@ssh.com,hmac-sha256-96@ssh.com,umac-32@openssh.com,umac-64@openssh.com,umac-96@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,aes128-gcm,aes256-gcm Now the FileCOPA server is indicating to the client that it supports (via the MAC) aes128-gsm and aes256-gsm, now because gsm ciphers are implicit this also means the cipher is supported too, the way this is handled could also be a bug in SBB too but I am not sure. But based on this logic SBB comes to the conclusion that aes128-gsm and aes256-gsm are in fact supported.