[Cyberduck-trac] [Cyberduck] #8537: Add ability to deactivate weak crypto, SHA-1, DES etc.

Cyberduck trac at trac.cyberduck.io
Mon Feb 2 21:11:14 UTC 2015


#8537: Add ability to deactivate weak crypto, SHA-1, DES etc.
----------------------------+------------------------------------
    Reporter:  lbort        |      Owner:  dkocher
        Type:  enhancement  |     Status:  new
    Priority:  normal       |  Milestone:
   Component:  sftp         |    Version:  4.6.4
    Severity:  major        |   Keywords:  ssh, kex, ciphers, mac
Architecture:  Intel        |   Platform:
----------------------------+------------------------------------
 I think the logical consequence of tickets #8488 and #8528 would be to
 offer the users the possibility to choose which Algorithms Cyberduck may
 use.
 This would include all the three parts described in the (really nice)
 blogentry mentioned in #8488, key exchange, symetric ciphers and Message
 Authentication Codes.

 Servers that I control will not offer weak crypto anymore as soon as
 cyberduck offers something better, since it is the only software I use
 which still needs that. But when connecting to other servers, I would like
 be able to keep cyberduck from using the weak algorithms and display an
 error message just like described in the tickets mentioned above, if it
 cannot find a match. In case the server in question really only offers
 those protocols, one still can reactivate somethink that matches if one
 really wants to connect. But without that possibility to deactivate weak
 crypto, Cyberduck is not 100% safe, even if the stronger algorithms are
 incorporated.

 This choice should be accessible in the SFTP-Settings imho, but if this is
 not a priority after adding the new algorithms, I would also be happy to
 delete some of them from the line in the configfile similar to
 .ssh/config, if something like this exists in the cyperduck.app contents.

-- 
Ticket URL: <https://trac.cyberduck.io/ticket/8537>
Cyberduck <http://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows


More information about the Cyberduck-trac mailing list