FTP over SSL explicit, session cipher


I'm just wondering about the strength of the cipher key when using FTP over SSL explicit. With me tt defaults consistently to RC4, while this particular server is also able to establish the stronger cipher key AES.

Is there something I should do in the general or favorites settings to force a stronger cipher?

The log of the seession is:

[10:13:03] SmartFTP v4.0.1087.0
[10:13:03] Resolving host name "--hostname deleted--"
[10:13:03] Connecting to (--IP address deleted--) Port: 21
[10:13:03] Connected to (--hostname deleted--).
[10:13:03] 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
[10:13:03] 220-You are user number 2 of 75 allowed.
[10:13:03] 220-Local time is now 02:13. Server port: 21.
[10:13:03] 220-This is a private system - No anonymous login
[10:13:03] 220 You will be disconnected after 3 minutes of inactivity.
[10:13:03] AUTH TLS
[10:13:04] 234 AUTH TLS OK.
[10:13:04] Connected. Exchanging encryption keys...
[10:13:04] Key Exchange: 1024 bit RSA
[10:13:04] Session Cipher: 128 bit RC4
[10:13:04] TLS 1.0 encrypted session established.
[10:13:04] Command channel protection set to Private.
[10:13:04] PBSZ 0
[10:13:04] 200 PBSZ=0
[10:13:04] USER (--user deleted--)
[10:13:04] 331 User (--user deleted--) OK. Password required
[10:13:04] PASS (hidden)
[10:13:04] 230-User (--user deleted--) has group access to: 450
[10:13:04] 230 OK. Current directory is /
[10:13:04] SYST
[10:13:05] 215 UNIX Type: L8
[10:13:05] Detected Server Type: UNIX
[10:13:05] RTT: 151.879 ms
[10:13:05] FEAT
[10:13:05] 211-Extensions supported:
[10:13:05] EPRT
[10:13:05] IDLE
[10:13:05] MDTM
[10:13:05] SIZE
[10:13:05] REST STREAM
[10:13:05] MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
[10:13:05] MLSD
[10:13:05] ESTP
[10:13:05] PASV
[10:13:05] EPSV
[10:13:05] SPSV
[10:13:05] ESTA
[10:13:05] AUTH TLS
[10:13:05] PBSZ
[10:13:05] PROT
[10:13:05] 211 End.
[10:13:05] Detected Server Software: PureFTPd
[10:13:05] PWD
[10:13:05] 257 "/" is your current location

Windows XP does not support AES. Hence RC4 is selected as the default cipher. Windows Vista and higher supports AES.

Thank you for the quick response, Mat!


I wouldn't worry much about the session cipher. The security of connection is not compromised due to the fact that RC4 is being used instead of AES. Nevertheless I recommend to upgrade from Windows XP to a newer operating system (e.g. Windows 7).

You are absolutely right about upgrading to Windows 7 for my newer machines, but this is an older private comp that works still very nicely.

BTW, it's also possible to have 3DES security with WinXP if you have SP>2. It's just a setting in Local Security Settings: set "use FIPS-compliant Algorithms ..." etc to "enabled".

I think there was a discussion a while ago why Windows prefers RC4 over 3DES on Windows XP. And as far as I remember the conclusion was that RC4 is less CPU intensive than 3DES and that was the main reason behind.