GlobalSCAPE Knowledge Base


Q: What is GlobalSCAPE’s response to the SSL/TLS BEAST exploit?


GlobalSCAPE 5
EFT Express (SMB) & Enterprise

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Server, all versions
  • EFT Server Enterprise, all versions

DISCUSSION

Q: What is GlobalSCAPE’s response to the SSL/TLS BEAST exploit?

A. GlobalSCAPE is aware of information that has been published describing a new method to exploit a known vulnerability in SSL 3.0 and TLS 1.0. This vulnerability affects the protocol itself and is not specific to EFT Server. We are not aware of a way to exploit this vulnerability in other protocols or components, and we are not aware of attacks that try to use the reported vulnerability at this time. We do not consider this vulnerability a high risk to GlobalSCAPE EFT Server customers.

Mitigating Factors:

An attacker must make several hundred HTTPS requests before the attack can succeed.

TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.

WORKAROUND

Re-prioritize the RC4 algorithm so that it is favored over CBC-based ciphers.

The attack only affects cipher suites that use symmetric encryption algorithms in CBC mode (such as AES) and does not affect the RC4 algorithm. You can prioritize the RC4 algorithm in EFT Server’s SSL settings in order to facilitate secure communication using RC4 instead of CBC-based ciphers.

  1. Log in to EFT Server as a Server Administrator.
  2. Click the Server node.
  3. Click the Security tab.
  4. Under Allowed ciphers, move RC4 128 bit to the top of the list.
  5. Restart the EFT Server service.

Note: This workaround is a setting or configuration change that does not correct the underlying issue but would help block known attack vectors until a security update is available. Future updates may include newer versions of the TLS protocol, changes to the default prioritization of ciphers, and/or additional controls to eliminate all risk of an exploit.
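The effect of step 4 can be checked offline with a small model of cipher selection. This is an added example, not GlobalSCAPE code; it assumes the server picks the first suite in its own ordered list that the client also offers, uses IANA suite names, and the client profiles are constructed.

```python
# Added example: models the cipher-ordering workaround; not GlobalSCAPE code.
# Assumption: server-preference selection, IANA-style suite names.

BEAST_PROTOCOLS = {"SSLv3", "TLSv1"}  # SSL 3.0 and TLS 1.0, per the article


def uses_cbc(suite):
    """IANA names spell out the mode, e.g. TLS_RSA_WITH_AES_128_CBC_SHA."""
    return "_CBC_" in suite


def negotiate(server_order, client_offer):
    """Return the suite a server-preference handshake selects, or None."""
    offered = set(client_offer)
    for suite in server_order:
        if suite in offered:
            return suite
    return None


def beast_exposed(protocol, suite):
    """Affected only when an old protocol is combined with a CBC suite."""
    return suite is not None and protocol in BEAST_PROTOCOLS and uses_cbc(suite)


def audit(server_order, clients):
    """Map each client label to (protocol, selected suite, exposed?)."""
    report = {}
    for label, (protocol, offer) in clients.items():
        suite = negotiate(server_order, offer)
        report[label] = (protocol, suite, beast_exposed(protocol, suite))
    return report


AES_CBC = "TLS_RSA_WITH_AES_128_CBC_SHA"
RC4 = "TLS_RSA_WITH_RC4_128_SHA"

# Constructed client profiles: (negotiated protocol, offered suites).
CLIENTS = {
    "tls10_rc4_and_cbc": ("TLSv1", [AES_CBC, RC4]),
    "tls10_cbc_only": ("TLSv1", [AES_CBC]),
    "tls12_cbc_only": ("TLSv1.2", [AES_CBC]),
}
BEFORE = [AES_CBC, RC4]  # CBC listed first
AFTER = [RC4, AES_CBC]   # RC4 moved to the top, as in step 4

if __name__ == "__main__":
    for name, order in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(order, CLIENTS))
```

The model shows that reordering only helps clients that also offer RC4: a TLS 1.0 client offering only CBC suites still negotiates CBC. RC4 was later prohibited for TLS by RFC 7465, so where the server supports TLS 1.1 or TLS 1.2 (listed above as unaffected), those are the stronger option.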



Details
Last Modified: 7 Years Ago
Last Modified By: GlobalSCAPE 5
Type: FAQ