This is TLS matter.
This issue, if you consider this negociation as an issue, appears on every
protocol based on TLS (HTTPS, FTPS, ASx, SMTPS, and so on...), and none of them
adds any precision over TLS.
But you may consider
that TLS ciphersuite recommandations are too old, and add mandatory supported
ciphersuites. However, I don't think overriding other specs' recommandations is
a good idea, since you never know how this spec may evolve. AS3 may become
incompatible with TLS's future versions by doing this.
Antoine Alberti
XPP project manager
+33 (0) 1 47 17 24 37
Axway. software a Sopra Group
company
An issue was recently brought up
in regards to using TLS in AS3. Within the TLS handshaking, the connecting AS3
application only uses one cipher, 3DES, in the handshaking. In this case, the
FTP server receiving the connection does not support 3DES but does support
others. Since the AS3 app does not support anything but 3DES, it can not work
through the handshaking to find a cipher both agree
on.
Would it be necessary to state
something within the AS3 draft about supporting a specific set of ciphers. Or,
is this outside the scope of AS3 since it may lie only with the FTP server be
beyond the control of the AS3 application.
Kyle
Meadors
Principal, Test
Process
Drummond Group
Inc.
615.384.5006
--
No virus found in this outgoing message.
Checked by
AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.7.8/22 - Release
Date: 6/17/2005