Just noticed that the FTP service on the DL is still using the flawed SSLv3 encryption protocol. Is this correct?
Isn’t FTP entirely unencrypted?
Depends. On the DL NASs ou can set-up the FTP service to be implicit, so en encryption by a digital certificate needs to be established before any user name, password and data is exchanged. Implicit FTP uses port 990 and not port 21.
I could use use required and Explicit FTP, but that means putting the service on port 21. Initially is starts unencrypted, but encryption must be established before user name, password and data are exchanged.
I noticed in the DL’s logs that the protocols used are TLSv1 and SSLv3.
I guess as long as TLS is negotiated then hopefully there should not be a problem, but the PureFTP service on the DL should be updated to remove the use of SSLv3.
