Commit a07518c0 authored by Antoine Beaupré's avatar Antoine Beaupré

use a working FTP/TLS configuration

parent 207d3957
......@@ -41,16 +41,12 @@ User nobody
Group nogroup
RequireValidShell off
TLSRSACertificateKeyFile /etc/apache-ssl/apache.pem
TLSRSACertificateFile /etc/apache-ssl/apache.pem
TLSEngine on
# Use the IANA registered ephemeral port range
# If you have a firewall, you should open this portrange
# (or change it)
# since ip_conntrack_ftp cannot decrypt TLS session.
PassivePorts 49152 65534
<Directory /*>
DenyAll
</Directory>
......@@ -97,3 +93,29 @@ DirFakeUser on ~
</Limit>
UseIPv6 off
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired off
# Server's certificate
TLSRSACertificateFile /etc/alternc/apache.pem
# TLSRSACertificateKeyFile /etc/ftpd/server.key.pem
# CA the server trusts
# TLSCACertificateFile /etc/ftpd/root.cert.pem
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
TLSRenegotiate required off
</IfModule>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment