Article delegate-en/4092 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A4078@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: FileZilla TLS security patch does not work with FTPS and Delegate
24 Aug 2008 18:11:25 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A4078@delegate-en.ML_> on 08/19/08(17:34:37) I wrote:
 |In message <_A4077@delegate-en.ML_> on 08/19/08(16:35:30)
 |you p5uhqbdyi-znqnbuilaalr.ml@ml.delegate.org wrote:
 | |2008-07-24 - Security Advisory
 | |FileZilla 3.1.0.1 fixes a vulnerability regarding the way some errors are
 | |handled on SSL/TLS secured data transfers.
 | |If the data connection of a transfer gets closed, FileZilla did not check
 | |if the server performed an orderly TLS shutdown.

I read the discussion in the FileZilla forum including standpoints like
mine :)
<URL:http://forum.filezilla-project.org/viewtopic.php?t=7465&start=38>

I'm suspicious if the way of shutdown handling will be the majority,
but at least it should be an option to be selected by users.
Thus I added a new option to DeleGate/9.8.4-pre6 to enable it, with
the following option:

  TLSCONF=shutdown

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V