0 votes
2k views
in CompleteFTP by (300 points)
I just installed 8.1.6 on a server to evaluate as a replacement to our Titan FTP server by SRT. After getting it all set up and running some tests (because we are a Merchant Service Provider and have to follow PCI Level 1), I came across a couple of things I was wondering if they will be in future releases.

I ran an SSL test using Qualys SSL Labs and was wondering if these below are being worked on for a future release, as I mentioned. Because we primarily use the HTTPS GUI for our needs and run weekly security scans, these are somewhat really important.

1. TLS 1.2 and TLS_FallBack_SCSV are not supported.
2. Secure Renegotiation is not supported.
3. Forward Secrecy is not supported.

Thanks in advance to whoever can answer my questions.

James.

4 Answers

0 votes
by (162k points)
1. We plan to add support for TLS 1.2 in the near future. We're not sure about TLS_FallBack_SCSV - with SSL 3.0 disabled by default the benefit is minimal, so it isn't high priority.

2. We also plan to add support for secure renegotiation. For the time being renegotiation is disabled so there is no security risk. We'll probably add this when we add TLS 1.2 support.

3. We plan to add ephemeral Diffie-Hellman (EDH) soon (but 1 and 2 are higher priority).
0 votes
by (300 points)
Thank you very much, those are the answers I needed.

One more question:
What would cause the HTTPS GUI to bypass the index.html page, so that it does not come up after we branded it, and go straight to the login.jss page?

We looked at the code and the only thing I did was change the logo and URL of the logo; I did not edit anything near the login.jss redirect section in the index.html.

It is weird because after it was edited I go to the new index.html page fine, but after a refresh or 2 in the browser it just goes right past it and hits the login page.
0 votes
by (51.6k points)
One possibility is that the URL of the image is wrong. If an anonymous user requests a file that doesn't exist then they'll be prompted to log in (there's a good reason for this). So if the URL of the image (or any other referenced file) is wrong then the user will be redirected to a login page.

The easiest way to ensure that the URL is correct is to place all required images (and other files) in the same directory as the index page and then reference the files in the URLs purely by their names (i.e. no domain names and no paths).

Does that make sense?

- Hans
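
The rule in the answer above (every referenced file sits beside the index page and is referenced by bare name) can be checked before deploying a branded page. This is an added example, not part of the original thread or of CompleteFTP; `check_index`, `RefCollector` and the sample HTML are constructed for illustration, and only `src`/`href` attributes in tags are inspected (not `url()` references inside CSS).

```python
import os, tempfile
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Constructed sample of a branded index page (not CompleteFTP's real index.html).
SAMPLE = """<html><head><link rel="stylesheet" href="brand.css"></head>
<body><img src="logo.png"><img src="images/banner.png">
<img src="http://www.example.com/logo2.png">
<a href="login.jss">Log in</a></body></html>"""

class RefCollector(HTMLParser):
    """Collect URLs the browser fetches automatically when the page loads."""
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        if tag != "a":  # <a> links are only requested when clicked
            self.refs += [v.strip() for k, v in attrs if k in ("src", "href") and v]

def check_index(index_path):
    """Return (url, problem) pairs for references that break the rule."""
    base = os.path.dirname(os.path.abspath(index_path))
    collector = RefCollector()
    with open(index_path, encoding="utf-8") as fh:
        collector.feed(fh.read())
    problems = []
    for url in collector.refs:
        parts = urlsplit(url)
        if parts.scheme == "data" or (not parts.path and not parts.netloc):
            continue  # inline data or fragment-only: no file request is made
        if parts.scheme or parts.netloc:
            problems.append((url, "has a domain name"))
        elif "/" in parts.path or "\\" in parts.path:
            problems.append((url, "has a path"))
        elif not os.path.isfile(os.path.join(base, unquote(parts.path))):
            problems.append((url, "file missing beside index page"))
    return problems

def demo():
    # Write the constructed sample to a temp directory where only logo.png exists.
    with tempfile.TemporaryDirectory() as d:
        index = os.path.join(d, "index.html")
        with open(index, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        open(os.path.join(d, "logo.png"), "wb").close()
        return check_index(index)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```
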
0 votes
by (300 points)
Does that make sense?

Yes it does.
