First, make sure you are running the latest Cerberus FTP Server release. The steps and guidance below only apply to the latest official release.
The RC4 cipher can be used for encryption with SSL connections. To disable RC4, the SSL cipher string must be modified to explicitly exclude it. This can be done by appending the string :!RC4 to the current string.
The SSL cipher string can be accessed and changed on the Security page of the Server Manager. (If you are using Cerberus version 9 or below, press the Advanced button to bring up the Advanced Security dialog.)
No SSH2 cipher changes are necessary since Cerberus has never supported RC4 as an SSH2 encryption option.
MD5 can be disabled for SSL in a similar way. Just append the string :!MD5 to the cipher string.
An example SSL cipher string that disables RC4 and MD5:
You can disable support for MD5 MAC in SSH2 SFTP by unchecking the hmac-md5 option under the Active MAC List (SSH2 HMAC List in Cerberus 9 and below) on the Protocols page (Security > Advanced in Cerberus 9 and below). A full Cerberus FTP Server Windows Service restart from the Services control panel in Windows is required for any changes to the SSH cipher or MAC list to become active.
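One way to check the SSL cipher string change before pasting it into the Server Manager, as an added example that is not Cerberus code: the script appends :!RC4 and :!MD5 only if they are missing, then expands the result and lists any suite that still uses RC4 or an MD5 MAC. It assumes the string follows OpenSSL cipher-list syntax (as the :!RC4 notation suggests); the function names and the sample string are constructed for illustration.

```python
import re
import ssl

EXCLUSIONS = ("!RC4", "!MD5")  # the two exclusions this article appends


def harden_cipher_string(cipher_string):
    """Append :!RC4 and :!MD5 unless they are already present."""
    result = cipher_string.strip().rstrip(":")
    # OpenSSL accepts colons, commas and spaces as separators.
    tokens = set(re.split(r"[:, ]+", result))
    for item in EXCLUSIONS:
        if item not in tokens:
            result = f"{result}:{item}" if result else item
    return result


def weak_suites(cipher_string):
    """Expand the string with the local OpenSSL build and return the
    names of suites that use RC4 encryption or an MD5 MAC."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    weak = []
    for suite in ctx.get_ciphers():
        desc = suite.get("description", "")
        if "Enc=RC4" in desc or "Mac=MD5" in desc:
            weak.append(suite["name"])
    return weak


if __name__ == "__main__":
    current = "HIGH:!aNULL"  # constructed sample, not Cerberus's default
    hardened = harden_cipher_string(current)
    print(hardened)
    print(weak_suites(hardened) or "no RC4 or MD5 suites remain")
```

The expansion uses the OpenSSL build linked into the local Python, which may differ from the one the server uses, so treat the suite list as indicative and confirm against the server after the change.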