jgaunt/rclone
1
0
Fork 0
mirror of https://github.com/rclone/rclone.git synced 2025-12-26 13:13:31 +00:00
Code Issues Projects Releases Wiki Activity

ftp: allow insecure TLS ciphers - fixes #8701

Browse Source 
Signed-off-by: Anagh Kumar Baranwal <6824881+darthShadow@users.noreply.github.com>
This commit is contained in:
Anagh Kumar Baranwal
2025-07-23 20:20:31 +05:30
committed by Nick Craig-Wood
parent 64ed9b175f
commit d71a4195d6
1 changed files with 42 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
backend/ftp/ftp.go
View File

@@ -163,6 +163,16 @@ Enabled by default. Use 0 to disable.`,
Help: "Disable TLS 1.3 (workaround for FTP servers with buggy TLS)", Help: "Disable TLS 1.3 (workaround for FTP servers with buggy TLS)",
Default: false, Default: false,
Advanced: true, Advanced: true,
}, {
Name: "allow_insecure_tls_ciphers",
Help: `Allow insecure TLS ciphers
Setting this flag will allow the usage of the following TLS ciphers in addition to the secure defaults:
- TLS_RSA_WITH_AES_128_GCM_SHA256
`,
Default: false,
Advanced: true,
}, { }, {
Name: "shut_timeout", Name: "shut_timeout",
Help: "Maximum time to wait for data connection closing status.", Help: "Maximum time to wait for data connection closing status.",
@@ -236,29 +246,30 @@ a write only folder.
// Options defines the configuration for this backend // Options defines the configuration for this backend
type Options struct { type Options struct {
Host string `config:"host"` Host string `config:"host"`
User string `config:"user"` User string `config:"user"`
Pass string `config:"pass"` Pass string `config:"pass"`
Port string `config:"port"` Port string `config:"port"`
TLS bool `config:"tls"` TLS bool `config:"tls"`
ExplicitTLS bool `config:"explicit_tls"` ExplicitTLS bool `config:"explicit_tls"`
TLSCacheSize int `config:"tls_cache_size"` TLSCacheSize int `config:"tls_cache_size"`
DisableTLS13 bool `config:"disable_tls13"` DisableTLS13 bool `config:"disable_tls13"`
Concurrency int `config:"concurrency"` AllowInsecureTLSCiphers bool `config:"allow_insecure_tls_ciphers"`
SkipVerifyTLSCert bool `config:"no_check_certificate"` Concurrency int `config:"concurrency"`
DisableEPSV bool `config:"disable_epsv"` SkipVerifyTLSCert bool `config:"no_check_certificate"`
DisableMLSD bool `config:"disable_mlsd"` DisableEPSV bool `config:"disable_epsv"`
DisableUTF8 bool `config:"disable_utf8"` DisableMLSD bool `config:"disable_mlsd"`
WritingMDTM bool `config:"writing_mdtm"` DisableUTF8 bool `config:"disable_utf8"`
ForceListHidden bool `config:"force_list_hidden"` WritingMDTM bool `config:"writing_mdtm"`
IdleTimeout fs.Duration `config:"idle_timeout"` ForceListHidden bool `config:"force_list_hidden"`
CloseTimeout fs.Duration `config:"close_timeout"` IdleTimeout fs.Duration `config:"idle_timeout"`
ShutTimeout fs.Duration `config:"shut_timeout"` CloseTimeout fs.Duration `config:"close_timeout"`
AskPassword bool `config:"ask_password"` ShutTimeout fs.Duration `config:"shut_timeout"`
Enc encoder.MultiEncoder `config:"encoding"` AskPassword bool `config:"ask_password"`
SocksProxy string `config:"socks_proxy"` Enc encoder.MultiEncoder `config:"encoding"`
HTTPProxy string `config:"http_proxy"` SocksProxy string `config:"socks_proxy"`
NoCheckUpload bool `config:"no_check_upload"` HTTPProxy string `config:"http_proxy"`
NoCheckUpload bool `config:"no_check_upload"`
} }
// Fs represents a remote FTP server // Fs represents a remote FTP server
@@ -407,6 +418,14 @@ func (f *Fs) tlsConfig() *tls.Config {
if f.opt.DisableTLS13 { if f.opt.DisableTLS13 {
tlsConfig.MaxVersion = tls.VersionTLS12 tlsConfig.MaxVersion = tls.VersionTLS12
} }
if f.opt.AllowInsecureTLSCiphers {
var ids []uint16
// Read default ciphers
for _, cs := range tls.CipherSuites() {
ids = append(ids, cs.ID)
}
tlsConfig.CipherSuites = append(ids, tls.TLS_RSA_WITH_AES_128_GCM_SHA256)
}
} }
return tlsConfig return tlsConfig
} }