Go Back   FlashFXP Forums > >

Project: FlashFXP Bug Reports Ticket Tools
ID: 1060 Category: FlashFXP Bug
Title: Login bug on some sites with TLSv1 v5.1.0 /Build 3861) Status: Closed
Severity: Major Version: 5.1

Junior Member
emile42
07-26-2015, 04:16 AM
Login bug on some sites with TLSv1 v5.1.0 /Build 3861)

I get the following connect error with the newest (just updated) version

[09:04:32] [L] Connected to site
[09:04:32] [L] 220 FTP server ready.
[09:04:32] [L] AUTH SSL
[09:04:32] [L] 234 AUTH SSL successful
[09:04:32] [L] SSL error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small
[09:04:32] [L] Failed TLSv1 negotiation, disconnected
[09:04:32] [L] Connection failed (Connection closed by client)

this hinders me from connecting to the site.

any ideas ?

Regards,
Emil
FlashFXP Developer
bigstar
07-26-2015, 09:32 PM
Re: Login bug on some sites with TLSv1 v5.1.0 /Build 3861)

This was a security fix introduced in the latest OpenSSL update to prevent LogJam attack via a weak dh key
more information can be found at https://weakdh.org/

Most likely the server needs to re-generate a new X.509 certificate for SSL encryption with a stronger key, 1024 and up.

Alternatively you could downgrade OpenSSL to an older insecure version to gain access to the FTP server but security will be very weak and not recommended.
Junior Member
emile42
07-27-2015, 04:04 AM
Re: Login bug on some sites with TLSv1 v5.1.0 /Build 3861)

Yes, you are right, I luckily found an older build of flashfxp and installed that ,until I can get around to upgrading the site in question. It would have been nice if I could have downloaded older builds from your site, say top 5 recent builds ?

Regards,
Emil
FlashFXP Developer
bigstar
07-27-2015, 07:42 AM
Re: Login bug on some sites with TLSv1 v5.1.0 /Build 3861)

You don't need an older build of FlashFXP, just an older build of the OpenSSL DLLs

http://archive.flashfxp.com/archives/openssl/

Unzip the desired version into your FlashFXP program folder replacing the existing DLLs

The link above also includes older builds of FlashFXP as well.
FlashFXP Developer
bigstar
07-27-2015, 09:08 AM
Re: Login bug on some sites with TLSv1 v5.1.0 /Build 3861)

I should point out it would probably be best to install the portable edition of FlashFXP into a special folder and only downgrade openssl on that copy so you can connect to the site that requires weak security.

This way you're limiting the weak security to that single instance of FlashFXP when connecting to a specific site and still maintaining maximum security on the rest of the sites you connect to when using your normal installation.
Super Duper
MxxCon
07-28-2015, 07:57 AM
Re: Login bug on some sites with TLSv1 v5.1.0 /Build 3861)

Quote:
Originally Posted by emile42
Yes, you are right, I luckily found an older build of flashfxp and installed that ,until I can get around to upgrading the site in question. It would have been nice if I could have downloaded older builds from your site, say top 5 recent builds ?

Regards,
Emil
You should really update your SSL configuration right away instead of switching to an insecure version of OpenSSL.
What's the point of having encryption if it's not secure. Might as well just completely turn it off.
__________________
[Sig removed by Administrator: Signature can not exceed 20GB]
Ticket Tools
Subscribe to this Ticket


Posting Rules
You may not post new tickets

Smilies are On
[IMG] code is On
HTML code is Off


All times are GMT -5. The time now is 12:08 PM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)