More and more connections fail

bigstar · 12-17-2015, 12:06 PM

The problem is caused by the SecureBlackBox library used by FlashFXP and FileCOPA

When SecureBlackBox added support for AES-GSM encryption they added it using the RFC standard, then they added support for AES-GSM@openssh.com which is a variant of the RFC standard, at the same time they back-tracked on the original AES-GSM encryption code and changed it to use the @openssh.com variant breaking interpolation between the client and server.

The issue was quickly resolved in the next SecureBlackBox update.

The problem is that last time I checked FileCOPA was still using an older edition of the SecureBlackBox library. I attempted to contact the developer of FileCOPA to discuss this serious issue but they never responded.

You can work around the problem in FlashFXP by unchecking the aes256-gsm and aes128-gsm ciphers via the Site Manager / SFTP tab. Or if you prefer to turn it off globally you can via the Preferences dialog / SFTP Encryption. This will turn off these bugged ciphers and allow FlashFXP to use another compatible cipher.

GCM mode ciphers provide both privacy (encryption) and integrity (MAC), Since the MAC is defined by the cipher its implicit. Other ciphers only provide encryption and the MAC is calculated in a separate step.

--IP-- · 12-17-2015, 12:33 PM

Thanks bigstar.

Sorry, I did not understand it to full last time then. I'll uncheck those as a workaround. I had simply assumed that it was a sorted issue by now and didn't think more of it. The strange thing to me is just that it's not everyone who has the issue of connecting.

I'll also try to contact the authors of FileCOPA and ask them to reply to you if you would agree to that. I've asked some features of them before and they replied every time.

If you agree, then how would you want to be contacted, directly by mail?

I'll accept if you don't want to go into this any further. But you would probably have far better luck at explaining it to them than I.