Discuss , our SFTP/FTP/FTPS/SCP server for Windows. Secure, fast and customizable!
no avatar
User

JnascECSI

Posts

6

Joined

Thu Feb 19, 2015 12:04 am

Location

Rhode Island

Couple Questions About CompleteFTP 8.1.6

by JnascECSI » Thu Feb 19, 2015 12:31 am

I just installed 8.1.6 on a server to evaluate as a replacement to our Titan FTP server by SRT. After getting it all setup and running some tests because we are a Merchant Service Provider and have to follow PCI Level 1. I came across a couple things i was wonder if they will be in future releases.

I ran a SSL test using Qualys SSL Labs and was wondering if these below are being worked on for future release as i mentioned. Because we primarily use the HTTPS GUI for our needs and run weekly security scans these are some what really important.

1. TLS 1.2 and TLS_FallBack_SCSV is not supported.
2. Secure Renegotiation is not supported.
3. Forward Secrecy is not supported.

Thanks in advance to whom ever can answer my questions.

James.
no avatar
User

support2

Posts

3987

Joined

Tue May 18, 2004 8:30 am

Re: Couple Questions About CompleteFTP 8.1.6

by support2 » Thu Feb 19, 2015 1:45 am

1. We plan to add support for TLS 1.2 in the near future. We're not sure about TLS_FallBack_SCSV - with SSL 3.0 disabled by default the benefit is minimal, so it isn't high priority.

2. We also plan to add support for secure renegotiation. For the time being renegotiation is disabled so there is no security risk.We'll probably add this when we add TLS 1.2 support.

3. We plan to add ephemeral Diffie-Hellman (EDH) soon (but 1 and 2 are higher priority)..
no avatar
User

JnascECSI

Posts

6

Joined

Thu Feb 19, 2015 12:04 am

Location

Rhode Island

Re: Couple Questions About CompleteFTP 8.1.6

by JnascECSI » Thu Feb 19, 2015 1:58 am

Thank you very much, those are the answers i needed.

One more question,
What would cause the HTTPS GUI bypass the index.html page to not come up after we branded it and go straight to the login.jss page?

We looked at the code and only thing i did was change the logo and url of the logo, i did not edit anything near the login.jss redirect section in the index.html.

It is weird because after it was edited i go to the new index.html page fine but after a refresh or 2 in the browser it just goes right past it and hits the login page.
no avatar
User

EDT Support

Posts

905

Joined

Mon Apr 26, 2004 3:03 pm

Re: Couple Questions About CompleteFTP 8.1.6

by EDT Support » Thu Feb 19, 2015 12:42 pm

One possibility is that the URL of the image is wrong. If an anonymous user requests a file that doesn't exist then they'll be prompted to log in (there's a good reason for this). So if the URL of the image (or any other referenced file) is wrong then the user will be redirect to a login page.

The easiest way to ensure that the URL is correct is to place all required images (and other files) in the same directory as the index page and then reference the files in the URLs purely by their names (i.e. no domain names and no paths).

Does that make sense?

- Hans
no avatar
User

JnascECSI

Posts

6

Joined

Thu Feb 19, 2015 12:04 am

Location

Rhode Island

Re: Couple Questions About CompleteFTP 8.1.6

by JnascECSI » Fri Feb 20, 2015 5:58 am


Who is online

Users browsing this forum: No registered users and 1 guest

Powered by phpBB ® | phpBB3 Style by KomiDesign
cron