[Cyberduck-trac] [Cyberduck] #8537: Add ability to deactivate weak crypto, SHA-1, DES etc.
Cyberduck
trac at trac.cyberduck.io
Mon Feb 2 21:11:14 UTC 2015
#8537: Add ability to deactivate weak crypto, SHA-1, DES etc.
----------------------------+------------------------------------
Reporter: lbort | Owner: dkocher
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: sftp | Version: 4.6.4
Severity: major | Keywords: ssh, kex, ciphers, mac
Architecture: Intel | Platform:
----------------------------+------------------------------------
I think the logical consequence of tickets #8488 and #8528 would be to
offer the users the possibility to choose which Algorithms Cyberduck may
use.
This would include all the three parts described in the (really nice)
blogentry mentioned in #8488, key exchange, symetric ciphers and Message
Authentication Codes.
Servers that I control will not offer weak crypto anymore as soon as
cyberduck offers something better, since it is the only software I use
which still needs that. But when connecting to other servers, I would like
be able to keep cyberduck from using the weak algorithms and display an
error message just like described in the tickets mentioned above, if it
cannot find a match. In case the server in question really only offers
those protocols, one still can reactivate somethink that matches if one
really wants to connect. But without that possibility to deactivate weak
crypto, Cyberduck is not 100% safe, even if the stronger algorithms are
incorporated.
This choice should be accessible in the SFTP-Settings imho, but if this is
not a priority after adding the new algorithms, I would also be happy to
delete some of them from the line in the configfile similar to
.ssh/config, if something like this exists in the cyperduck.app contents.
--
Ticket URL: <https://trac.cyberduck.io/ticket/8537>
Cyberduck <http://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list