First, make sure you are running the latest Cerberus FTP Server release. The steps and guidance below only apply to the latest official release.
The RC4 and CBC ciphers can be used for encryption with SSL connections. To disable RC4 and CBC as options, the SSL cipher string will need to be modified to explicitly exclude RC4 and CBC as options. This can be done by appending the the string :!RC4
and :!CBC
to the current string.
The SSL cipher string can be accessed and changed on the Security page of the Server Manager.
No SSH2 cipher changes are necessary since Cerberus has never supported RC4 as an SSH2 encryption option.
MD5 can be disabled for SSL in a similar way. Just append the string :!MD5
to the cipher string
An example SSL cipher string that disabled RC4, CBC and MD5:
ALL:!LOW:!EXP:!aNULL:!RC4:!CBC:!MD5:@STRENGTH
You can disable support for MD5 MAC in SSH2 SFTP by unchecking the hmac-md5
option under the Active MAC List (SSH2 HMAC List in Cerberus 9 and below) on the Protocols page (Security > Advanced in Cerberus 9 and below). A full Cerberus FTP Server Windows Service restart from the Services control panel in Windows is required for any changes to the SSH cipher or MAC list to become active.
Comments
0 comments
Please sign in to leave a comment.