[Cyberduck-trac] [Cyberduck] #8842: webdavs use unsecure SSLv3

Cyberduck trac at trac.cyberduck.io
Thu May 21 11:33:14 UTC 2015 

#8842: webdavs use unsecure SSLv3
------------------------+----------------------------
    Reporter:  mellier  |      Owner:
        Type:  defect   |     Status:  new
    Priority:  normal   |  Milestone:
   Component:  core     |    Version:  4.7
    Severity:  normal   |   Keywords:  webdavs SSL
Architecture:           |   Platform:  Mac OS X 10.10
------------------------+----------------------------
 Would it possible to replace unsecure SSLv3 with TLS1.1 or higher for the
 encryption ?

 This is because our webdav server refuses (Heartbit effect) any
 negociation with SSLv3.

 The SSL dump for Hello phase:

 1 1  0.3343 (0.3343)  C>SV3.3(275)  Handshake
       ClientHello
         Version 3.3
         random[32]=
           55 5d bd 6e f9 a4 b6 9e 2d c5 3d a9 d7 60 15 81
           36 a6 3a e9 05 86 e5 e6 5f a7 1d 99 a9 4b 6c f8
         cipher suites
         Unknown value 0xc024
         Unknown value 0xc028
         Unknown value 0x3d
         Unknown value 0xc026
         Unknown value 0xc02a
         Unknown value 0x6b
         Unknown value 0x6a
         Unknown value 0xc00a
         Unknown value 0xc014
         Unknown value 0x35
         Unknown value 0xc005
         Unknown value 0xc00f
         Unknown value 0x39
         Unknown value 0x38
         Unknown value 0xc023
         Unknown value 0xc027
         Unknown value 0x3c
         Unknown value 0xc025
         Unknown value 0xc029
         TLS_DHE_DSS_WITH_NULL_SHA
         Unknown value 0x40
         Unknown value 0xc009
         Unknown value 0xc013
         Unknown value 0x2f
         Unknown value 0xc004
         Unknown value 0xc00e
         Unknown value 0x33
         Unknown value 0x32
         Unknown value 0xc02c
         Unknown value 0xc02b
         Unknown value 0xc030
         Unknown value 0x9d
         Unknown value 0xc02e
         Unknown value 0xc032
         Unknown value 0x9f
         Unknown value 0xa3
         Unknown value 0xc02f
         Unknown value 0x9c
         Unknown value 0xc02d
         Unknown value 0xc031
         Unknown value 0x9e
         Unknown value 0xa2
         Unknown value 0xc008
         Unknown value 0xc012
         TLS_RSA_WITH_3DES_EDE_CBC_SHA
         Unknown value 0xc003
         Unknown value 0xc00d
         TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
         TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
         Unknown value 0xc007
         Unknown value 0xc011
         TLS_RSA_WITH_RC4_128_SHA
         Unknown value 0xc002
         Unknown value 0xc00c
         TLS_RSA_WITH_RC4_128_MD5
         Unknown value 0xff
         compression methods
                   NULL
 1 2  0.3345 (0.0002)  S>CV3.0(2)  Alert
     level           fatal
     value           protocol_version
 1    0.3345 (0.0000)  S>C  TCP FIN
 1    0.3351 (0.0005)  C>S  TCP FIN

-- 
Ticket URL: <https://trac.cyberduck.io/ticket/8842>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list