Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
SSH.png 39.0 kB 1 05-Dec-2023 05:32 Halmágyi Árpád
png
all_insecure.png 155.9 kB 2 05-Dec-2023 05:32 Ben Spink
png
oracle.png 63.3 kB 1 05-Dec-2023 05:32 Ben Spink
png
replace.png 59.2 kB 1 05-Dec-2023 05:32 Ben Spink
png
windows.png 154.3 kB 1 05-Dec-2023 05:32 Ben Spink

This page (revision-9) was last changed on 05-Dec-2023 05:32 by Halmágyi Árpád

This page was created on 05-Dec-2023 05:32 by Ben Spink

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 1 changed one line
The policy files must be downloaded manually and installed in your Java lib/security folder replacing the old files. (DO NOT KEEP THE OLD FILES. Keeping both will invalidate the install. Replace the old ones.)
Install video showing these steps: [https://youtu.be/SiEK5hZ09JI]
At line 3 changed 4 lines
Java6: http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html \\
Java7: http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html \\
Java8: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html \\
You may also search google for: 'java unlimited cryptography policy files'\\
The policy files must be downloaded manually and installed in your Java lib/security/policy/limited/ and lib/security/policy/unlimited/ folder replacing the old files. (DO NOT KEEP THE OLD FILES. Keeping both will invalidate the install. Replace the old ones.)
[attachments|oracle.png]\\
At line 8 changed one line
(If you are unsure which java version is in use, simply look at the about tab on the admin console.)
(If you are unsure which java version you are using, look at the about tab on the admin console.)\\
At line 10 changed 2 lines
OS X Java 6 install location:\\
Java6: [http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html] \\
Java7: [http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html] \\
Java8: [http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html] \\
\\
You may also search google for: 'java unlimited cryptography policy files'\\
\\
OS X Java 6 install location:
At line 15 changed one line
OS X Java 7 and above install location:\\
OS X Java 7 and above install location:
At line 17 changed one line
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/policy/limited/
and
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/policy/unlimited/
At line 19 changed one line
Windows install location:\\
Windows install location:
At line 21 changed one line
C:\Program Files\Java\jre8\lib\security\
C:\Program Files\Java\jre1.8.0_xx\lib\security\policy\limited\
and
C:\Program Files\Java\jre1.8.0_xx\lib\security\policy\unlimited\
or at
C:\Program Files (x86)\Java\jre1.8.0_xx\lib\security\policy\limited\
and
C:\Program Files (x86)\Java\jre1.8.0_xx\lib\security\policy\unlimited\
At line 24 removed one line
[attachments|oracle.png]\\
At line 28 changed 3 lines
CrushFTP must be restarted after making this change. (The service or daemon.) You can use the CrushFTP app to stop the daemon, and start the daemon.\\
Once this has been done, edit the cipher list in the server prefs SSH port item, SSH tab to duplicate the AES128 ciphers and replace the 128 with 256. Your Encryption, SSL tab items will automatically include the new items. Stronger key and keystore files will now work properly too. You will now be secure using strong cryptography instead of the weakened default policy that ships with Java due to 1990's bureaucracy.\\
CrushFTP must be restarted after replacing the two jar files. (The service or daemon.) You can use the CrushFTP app to stop the daemon, and start the daemon.\\
At line 42 added 2 lines
!!Optional additional steps for SSH:\\
Once this has been done, edit the cipher list in the server prefs SSH port item, SSH tab to duplicate the AES128 ciphers and replace the 128 with 256.\\
At line 46 added 6 lines
\\
!!Optional additional steps for SSL/TLS:\\
Your Encryption, SSL tab items will automatically include the new items, but click the disable insecure ciphers to remove any additional weak ciphers. Stronger key and keystore files will now work properly too.\\
\\
\\
!!What this Resolves\\
At line 36 changed one line
At the admin > Preferences > Encryption > SSL tab you can set select the "All insecure ciphers" and that will automatically remove the weak encryption files. After this change save the changes and at the admin > status tab move the mouse over the https port to and restart the service to apply the changes you have made.
In the admin > Preferences > Encryption > SSL tab you can set select the "All insecure ciphers" and that will automatically remove the weak encryption files. After this change, either restart the HTTPS port, or restart the CrushFTP service / daemon again.
Version Date Modified Size Author Changes ... Change note
9 05-Dec-2023 05:32 2.794 kB Halmágyi Árpád to previous
8 05-Dec-2023 05:32 2.439 kB Ben Spink to previous | to last
7 05-Dec-2023 05:32 2.37 kB Ben Spink to previous | to last
6 05-Dec-2023 05:32 2.3 kB Ben Spink to previous | to last
5 05-Dec-2023 05:32 2.296 kB Ben Spink to previous | to last
4 05-Dec-2023 05:32 2.1 kB Halmágyi Árpád to previous | to last
3 05-Dec-2023 05:32 1.736 kB Halmágyi Árpád to previous | to last
2 05-Dec-2023 05:32 1.736 kB Halmágyi Árpád to previous | to last
1 05-Dec-2023 05:32 1.711 kB Ben Spink to last
« This page (revision-9) was last changed on 05-Dec-2023 05:32 by Halmágyi Árpád
G’day (anonymous guest)
CrushFTP11 | What's New
JSPWiki