SSL Certificate and encryption


BigBoxer
01-06-2008, 01:18 AM
Hello, I'm not used to SSL Certificate, but is there any way to force ioFTPD to use a certain encryption suite instead of another one?

I mean during transfer FlashFXP says:
SSL session encrypted using cipher BF-CBC (128 bit)

Is there any way to force it to use another cipher like DES-CBC3 or other?

If you are used to OpenVPN you know what I'm talking about.

thx

Yil
01-06-2008, 04:44 PM
Short answer: No.

The selection of encryption scheme is the result of a negotiation between the sender and receiver. The "best" algorithm available to both sides is used. Normally this results in some form of AES and SHA being chosen today. If you were to FXP to ioFTPD on the same machine using AUTH TLS I would presume you would see AES/SHA. If you aren't, then it's possible the Windows security infrastructure needs to be updated since that is what ioFTPD uses to do the encryption.

BigBoxer
01-07-2008, 06:34 AM
OK, but reading around the web about SSL handshake and protocol negotiation, the server offers a list of encryption suites available on his side and the client chooses the best one for him in the list (meaning the supported ones on his side).
But from what I could read around, for instance, the Apache HTTP server is able to offer in its config files the possibility of choosing allowed encryption suites, thus forcing the client to choose between a restricted selection of encryption suites.

Here's the example (http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html)
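
An added example, not part of the thread and not ioFTPD, Schannel or Apache code: a simplified Python model of TLS cipher-suite selection, in which the client offers an ordered list in its ClientHello and the server picks one suite from its own allowed list. The suite lists are constructed sample values, and `negotiate` and `honor_server_order` are hypothetical names used only for illustration.

```python
class HandshakeFailure(Exception):
    """Raised when client and server share no cipher suite."""


def negotiate(client_offer, server_allowed, honor_server_order=True):
    """Return the suite a TLS server would select (simplified model).

    client_offer   -- suites from the ClientHello, in client preference order
    server_allowed -- suites the server is configured to accept, in server
                      preference order (the role a directive such as
                      Apache's SSLCipherSuite plays)
    honor_server_order -- True: first server suite the client also offers;
                          False: first client suite the server also allows
    """
    if honor_server_order:
        ordered, other = server_allowed, set(client_offer)
    else:
        ordered, other = client_offer, set(server_allowed)
    for suite in ordered:
        if suite in other:
            return suite
    # No overlap: a real server aborts the handshake with an alert.
    raise HandshakeFailure("no shared cipher suite")


# Constructed sample data (OpenSSL-style names), not captured from
# ioFTPD or FlashFXP.
CLIENT_OFFER = ["RC4-MD5", "DES-CBC3-SHA", "AES128-SHA", "AES256-SHA"]
SERVER_DEFAULT = ["AES256-SHA", "AES128-SHA", "DES-CBC3-SHA", "RC4-MD5"]
SERVER_RESTRICTED = ["AES256-SHA", "AES128-SHA"]  # weak suites removed
LEGACY_CLIENT = ["RC4-MD5", "DES-CBC3-SHA"]


if __name__ == "__main__":
    # Server order honoured: the server's top choice wins.
    print(negotiate(CLIENT_OFFER, SERVER_DEFAULT))
    # Client order honoured on a permissive server: weakest suite wins.
    print(negotiate(CLIENT_OFFER, SERVER_DEFAULT, honor_server_order=False))
    # Restricting the server list removes that outcome.
    print(negotiate(CLIENT_OFFER, SERVER_RESTRICTED, honor_server_order=False))
    # A client with only removed suites can no longer connect.
    try:
        negotiate(LEGACY_CLIENT, SERVER_RESTRICTED)
    except HandshakeFailure as exc:
        print("handshake failed:", exc)
```

Restricting the server-side list is what narrows the outcome, and the last case shows its cost: clients that support only the removed suites fail the handshake.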