Install video showing these steps: https://youtu.be/SiEK5hZ09JI
The policy files must be downloaded manually and installed in your Java lib/security/policy/limited/ and lib/security/policy/unlimited/ folder replacing the old files. (DO NOT KEEP THE OLD FILES. Keeping both will invalidate the install. Replace the old ones.)
(If you are unsure which java version you are using, look at the about tab on the admin console.)
Java6: http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
Java7: http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
Java8: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
You may also search google for: 'java unlimited cryptography policy files'
OS X Java 6 install location:
/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home/lib/security/OS X Java 7 and above install location:
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/policy/limited/ and /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/policy/unlimited/Windows install location:
C:\Program Files\Java\jre1.8.0_xx\lib\security\policy\limited\ and C:\Program Files\Java\jre1.8.0_xx\lib\security\policy\unlimited\ or at C:\Program Files (x86)\Java\jre1.8.0_xx\lib\security\policy\limited\ and C:\Program Files (x86)\Java\jre1.8.0_xx\lib\security\policy\unlimited\
CrushFTP must be restarted after replacing the two jar files. (The service or daemon.) You can use the CrushFTP app to stop the daemon, and start the daemon.
Optional additional steps for SSH:
#
Once this has been done, edit the cipher list in the server prefs SSH port item, SSH tab to duplicate the AES128 ciphers and replace the 128 with 256.Optional additional steps for SSL/TLS:
#
Your Encryption, SSL tab items will automatically include the new items, but click the disable insecure ciphers to remove any additional weak ciphers. Stronger key and keystore files will now work properly too.What this Resolves
#
The updated files will resolve PGP decryption issues, outbound SFTP/FTPES/HTTPS/SMTP connection issues to servers requiring strong cryptography, etc. Anything requiring strong cryptography will now work!In the admin > Preferences > Encryption > SSL tab you can set select the "All insecure ciphers" and that will automatically remove the weak encryption files. After this change, either restart the HTTPS port, or restart the CrushFTP service / daemon again.
Add new attachment
List of attachments
Kind | Attachment Name | Size | Version | Date Modified | Author | Change note |
---|---|---|---|---|---|---|
png |
SSH.png | 39.0 kB | 1 | 05-Dec-2023 05:32 | Halmágyi Árpád | |
png |
all_insecure.png | 155.9 kB | 2 | 05-Dec-2023 05:32 | Ben Spink | |
png |
oracle.png | 63.3 kB | 1 | 05-Dec-2023 05:32 | Ben Spink | |
png |
replace.png | 59.2 kB | 1 | 05-Dec-2023 05:32 | Ben Spink | |
png |
windows.png | 154.3 kB | 1 | 05-Dec-2023 05:32 | Ben Spink |