I am working on an FTPS client which supports the following TLS cipher suites:
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
- ***TLS_RSA_WITH_AES_128_CBC_SHA256***
- TLS_RSA_WITH_AES_256_CBC_SHA
- ***TLS_RSA_WITH_AES_256_CBC_SHA256***
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Meanwhile, I have created the AWS FTPS server with the security policy TransferSecurityPolicy-2018-11, which supports the following TLS cipher suites:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- ***TLS_RSA_WITH_AES_128_CBC_SHA256***
- ***TLS_RSA_WITH_AES_256_CBC_SHA256***
The AWS server has support for two of the TLS cipher suites of my client (marked in bold and italic), but the TLS handshake still fails. The TLS version is TLS v1.2 on both sides.
I have looked into the communication with Wireshark: the client does try to initiate a connection and offers its supported TLS cipher suite list, but the server closes the connection as soon as it receives the Client Hello (with the cipher suite list) from the client.
I tried another client application which had support for the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher suite, which is also available in the same AWS security policy TransferSecurityPolicy-2018-11, and the connection was successfully established with this client.
Due to some limitations, I cannot use the updated client for now (maybe in future) and have to look around for a solution with the same supported cipher suites.
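As an added example (not part of the original question, and not AWS Transfer or any FTPS client's own code), the script below does in code what the Wireshark inspection above does by eye: it pulls the cipher_suites vector out of a TLS 1.2 ClientHello, maps the code points back to names, and intersects them with the server policy. The ClientHello is constructed inside the script (empty session ID, no extensions) so it runs offline; the cipher suite code points are the IANA-registered values; `CLIENT_OFFER` and `AWS_POLICY_2018_11` are the two lists from the question. A captured ClientHello from a real trace can be fed to `parse_client_hello_suites` instead of the constructed one.

```python
"""Parse the cipher_suites vector of a TLS 1.2 ClientHello and compare it
with a server's allowed cipher suite list (added example, not project code)."""
import struct

# IANA cipher suite code points (RFC 5246, RFC 5289). Only the suites named in
# the question are listed here.
SUITES = {
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_RSA_WITH_AES_128_CBC_SHA": 0x002F,
    "TLS_RSA_WITH_AES_128_CBC_SHA256": 0x003C,
    "TLS_RSA_WITH_AES_256_CBC_SHA": 0x0035,
    "TLS_RSA_WITH_AES_256_CBC_SHA256": 0x003D,
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": 0x0033,
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": 0x0039,
    "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA": 0x0016,
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256": 0x0067,
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256": 0x006B,
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 0xC02B,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": 0xC023,
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": 0xC027,
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 0xC02C,
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384": 0xC024,
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384": 0xC028,
}
NAMES = {code: name for name, code in SUITES.items()}

# The two lists from the question, in the order given there.
CLIENT_OFFER = [
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
]
AWS_POLICY_2018_11 = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA256",
]


def build_client_hello(suite_names, client_random=bytes(32)):
    """Constructed TLS 1.2 ClientHello record: empty session ID, null
    compression, empty extensions. Stands in for a frame from a capture."""
    suites = b"".join(struct.pack("!H", SUITES[n]) for n in suite_names)
    body = (b"\x03\x03" + client_random + b"\x00"          # version, random, sid len
            + struct.pack("!H", len(suites)) + suites        # cipher_suites<2..2^16-2>
            + b"\x01\x00"                                    # compression: null only
            + b"\x00\x00")                                   # extensions length 0
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello_suites(record):
    """Return the offered cipher suite names (client preference order)
    from a raw TLS record carrying a ClientHello."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    handshake = record[5:5 + rec_len]
    if handshake[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = handshake[4:4 + int.from_bytes(handshake[1:4], "big")]
    pos = 2 + 32                                   # skip client_version and random
    pos += 1 + body[pos]                           # skip session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    codes = [struct.unpack("!H", body[pos + i:pos + i + 2])[0] for i in range(0, cs_len, 2)]
    return [NAMES.get(c, f"UNKNOWN_0x{c:04X}") for c in codes]


def has_forward_secrecy(name):
    """Ephemeral (EC)DHE key exchange; static RSA key exchange has none."""
    return name.startswith(("TLS_ECDHE_", "TLS_DHE_"))


def mutual_suites(offered, policy):
    """Suites both sides accept, keeping the client's preference order."""
    allowed = set(policy)
    return [s for s in offered if s in allowed]


def diagnose(record, policy):
    """Summarise what a server applying `policy` could pick from this hello."""
    offered = parse_client_hello_suites(record)
    mutual = mutual_suites(offered, policy)
    return {
        "offered": offered,
        "mutual": mutual,
        "mutual_with_pfs": [s for s in mutual if has_forward_secrecy(s)],
    }


if __name__ == "__main__":
    for key, value in diagnose(build_client_hello(CLIENT_OFFER), AWS_POLICY_2018_11).items():
        print(f"{key}: {value}")
```

Running it confirms the overlap the question describes: exactly two mutual suites, both static-RSA CBC suites without forward secrecy, while every suite the working client negotiated with is an ECDHE suite. A non-empty intersection is necessary for the handshake but is not by itself sufficient in TLS 1.2; the server also evaluates the rest of the ClientHello (version and extensions such as signature_algorithms and supported_groups). The useful next step on the capture is therefore to compare the failing and the working client's ClientHello field by field, not only their cipher lists.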