From 39020569f0805ce16a58346e04a2710935aecf0a Mon Sep 17 00:00:00 2001
From: Benjamin Sonntag
Date: Mon, 20 Apr 2015 19:16:23 +0200
Subject: [PATCH] proper FTP/TLS connection
---
 etc/alternc/templates/proftpd/proftpd.conf | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/etc/alternc/templates/proftpd/proftpd.conf b/etc/alternc/templates/proftpd/proftpd.conf
index 7d55ba68..46d174f8 100644
--- a/etc/alternc/templates/proftpd/proftpd.conf
+++ b/etc/alternc/templates/proftpd/proftpd.conf
@@ -43,7 +43,7 @@ RequireValidShell off
 # If you have a firewall, you should open this portrange
 # (or change it)
 # since ip_conntrack_ftp cannot decrypt TLS session.
-PassivePorts 49152 65534
+PassivePorts 50000 60000
 DenyAll
@@ -143,4 +143,12 @@ TransferLog /var/log/proftpd/xferlog
 # clients will close the data connection, or there will be a timeout
 # on an idle data connection.
 TLSRenegotiate required off
+
+ # As of ProFTPD 1.3.3rc1, mod_tls only accepts SSL/TLS data connections that reuse
+ # the SSL session of the control connection, as a security measure.
+ # Unfortunately, there are some clients (e.g. curl) which do not reuse SSL sessions.
+ # To relax the requirement that the SSL session from the control connection
+ # be reused for data connections, use the following
+ TLSOptions NoSessionReuseRequired
+
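Review bot: `TLSOptions NoSessionReuseRequired` in the second hunk switches off, for every client of every install that uses this template, the check that a TLS data connection resumes the session of the authenticated control connection; the added comment calls that check "a security measure" but does not say what is given up. With the option set, mod_tls no longer ties a data connection on a passive port to the client that logged in, so the comment should state the trade-off and when to drop the line, e.g. `# NOTE: weakens data-connection protection; remove once all clients reuse the TLS session`. Shipping the directive commented out, for operators to enable only where a non-reusing client such as curl has to be supported, would keep the default strict. The enclosing TLS block starts before this hunk, so whether an earlier `TLSOptions` line exists and how it combines with this one cannot be checked from here.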