From a07518c00a29b02eeb36e2ecac29271489e98375 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Tue, 14 Oct 2008 23:14:42 +0000 Subject: [PATCH] use a working FTP/TLS configuration --- etc/alternc/templates/proftpd/proftpd.conf | 30 +++++++++++++++++++--- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/etc/alternc/templates/proftpd/proftpd.conf b/etc/alternc/templates/proftpd/proftpd.conf index c59fc67f..07355dee 100644 --- a/etc/alternc/templates/proftpd/proftpd.conf +++ b/etc/alternc/templates/proftpd/proftpd.conf @@ -41,16 +41,12 @@ User nobody Group nogroup RequireValidShell off -TLSRSACertificateKeyFile /etc/apache-ssl/apache.pem -TLSRSACertificateFile /etc/apache-ssl/apache.pem -TLSEngine on # Use the IANA registered ephemeral port range # If you have a firewall, you should open this portrange # (or change it) # since ip_conntrack_ftp cannot decrypt TLS session. PassivePorts 49152 65534 - DenyAll @@ -97,3 +93,29 @@ DirFakeUser on ~ UseIPv6 off + + + TLSEngine on + TLSLog /var/log/proftpd/tls.log + TLSProtocol TLSv1 + + # Are clients required to use FTP over TLS when talking to this server? + TLSRequired off + + # Server's certificate + TLSRSACertificateFile /etc/alternc/apache.pem + # TLSRSACertificateKeyFile /etc/ftpd/server.key.pem + + # CA the server trusts + # TLSCACertificateFile /etc/ftpd/root.cert.pem + + # Authenticate clients that want to use FTP over TLS? + TLSVerifyClient off + + # Allow SSL/TLS renegotiations when the client requests them, but + # do not force the renegotations. Some clients do not support + # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these + # clients will close the data connection, or there will be a timeout + # on an idle data connection. + TLSRenegotiate required off +
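Review bot: `TLSRequired off` in the added mod_tls section leaves TLS opt-in, so a client that never issues AUTH TLS still sends its USER/PASS in clear text, and anyone on the path can strip the upgrade. If the supported clients allow it, require TLS at least on the control channel with `TLSRequired ctrl` (or `on` to cover data transfers too); otherwise add a comment such as `# plaintext logins are still accepted on purpose for legacy clients`. With `TLSRSACertificateKeyFile` commented out, `/etc/alternc/apache.pem` presumably has to hold the private key as well as the certificate, and judging by its name it is shared with the web server, so a comment that the file must be readable by root only would be worth adding. `TLSProtocol TLSv1` pins the server to TLS 1.0; a comment saying this should be raised once the installed mod_tls supports newer protocol versions would help later maintainers. The enclosing module block markers are not visible on this page, so I cannot confirm how the section is scoped.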