use a working FTP/TLS configuration

2008-10-14 23:14:42 +00:00 · 2008-10-14 23:14:42 +00:00 · a07518c00a
parent 207d3957f8
commit a07518c00a
1 changed files with 26 additions and 4 deletions
--- a/etc/alternc/templates/proftpd/proftpd.conf
+++ b/etc/alternc/templates/proftpd/proftpd.conf
@ -41,16 +41,12 @@ User                            nobody
 Group                           nogroup
 RequireValidShell		off

-TLSRSACertificateKeyFile	/etc/apache-ssl/apache.pem
-TLSRSACertificateFile		/etc/apache-ssl/apache.pem
-TLSEngine                       on
 # Use the IANA registered ephemeral port range
 # If you have a firewall, you should open this portrange 
 # (or change it)
 # since ip_conntrack_ftp cannot decrypt TLS session.
 PassivePorts 49152 65534

-
 <Directory /*>
        DenyAll
 </Directory>
@ -97,3 +93,29 @@ DirFakeUser     on ~
 </Limit>

 UseIPv6 off
+
+<IfModule mod_tls.c>
+       TLSEngine on
+       TLSLog /var/log/proftpd/tls.log
+       TLSProtocol TLSv1
+
+       # Are clients required to use FTP over TLS when talking to this server?
+       TLSRequired off
+
+       # Server's certificate
+       TLSRSACertificateFile /etc/alternc/apache.pem
+       # TLSRSACertificateKeyFile /etc/ftpd/server.key.pem
+
+       # CA the server trusts
+       # TLSCACertificateFile /etc/ftpd/root.cert.pem
+
+       # Authenticate clients that want to use FTP over TLS?
+       TLSVerifyClient off
+
+       # Allow SSL/TLS renegotiations when the client requests them, but
+       # do not force the renegotations.  Some clients do not support
+       # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
+       # clients will close the data connection, or there will be a timeout
+       # on an idle data connection.
+       TLSRenegotiate required off
+</IfModule>