proftpd/proftpd-tls.template

###############################################################################
# http://www.proftpd.org/docs/contrib/mod_tls.html
###############################################################################
<IfModule mod_dso.c>
    # If mod_tls was built as a shared/DSO module, load it
    LoadModule mod_tls.c
</IfModule>

<IfModule mod_tls.c>
    TLSEngine                  on
    TLSLog                     /var/log/proftpd/tls.log

    # Support both SSLv3 and TLSv1
    TLSProtocol                TLSv1 TLSv1.1 TLSv1.2

    # Are clients required to use FTP over TLS when talking to this server?
    TLSRequired                off

    # Server's RSA certificate
    TLSRSACertificateFile      /etc/proftpd/ssl/proftpd.cert.pem
    TLSRSACertificateKeyFile   /etc/proftpd/ssl/proftpd.key.pem

    # CA (or CA chain) the server trusts
    TLSCACertificateFile        /etc/proftpd/ssl/proftpd.cacert.pem

    # Authenticate clients that want to use FTP over TLS?
    TLSVerifyClient            off

    # Allow SSL/TLS renegotiations when the client requests them, but
    # do not force the renegotations.  Some clients do not support
    # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
    # clients will close the data connection, or there will be a timeout
    # on an idle data connection.
    TLSRenegotiate none

    # Should Server request a Clients Certificate and send valid CA list ?
    TLSOptions                 NoCertRequest NoSessionReuseRequired
</IfModule>
Accepting request 477361 from home:computersalat:devel:network fix and update proftpd-basic.conf.patch, limit include sample, tls sample config OBS-URL: https://build.opensuse.org/request/show/477361 OBS-URL: https://build.opensuse.org/package/show/network/proftpd?expand=0&rev=45 2017-03-07 00:22:35 +01:00			`###############################################################################`
			`# http://www.proftpd.org/docs/contrib/mod_tls.html`
			`###############################################################################`
			`<IfModule mod_dso.c>`
			`# If mod_tls was built as a shared/DSO module, load it`
			`LoadModule mod_tls.c`
			`</IfModule>`

			`<IfModule mod_tls.c>`
			`TLSEngine on`
			`TLSLog /var/log/proftpd/tls.log`

			`# Support both SSLv3 and TLSv1`
Accepting request 477363 from home:computersalat:devel:network fix and update proftpd-basic.conf.patch, limit include sample, tls sample config OBS-URL: https://build.opensuse.org/request/show/477363 OBS-URL: https://build.opensuse.org/package/show/network/proftpd?expand=0&rev=46 2017-03-07 00:47:21 +01:00			`TLSProtocol TLSv1 TLSv1.1 TLSv1.2`
Accepting request 477361 from home:computersalat:devel:network fix and update proftpd-basic.conf.patch, limit include sample, tls sample config OBS-URL: https://build.opensuse.org/request/show/477361 OBS-URL: https://build.opensuse.org/package/show/network/proftpd?expand=0&rev=45 2017-03-07 00:22:35 +01:00
			`# Are clients required to use FTP over TLS when talking to this server?`
			`TLSRequired off`

			`# Server's RSA certificate`
			`TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem`
			`TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem`

			`# CA (or CA chain) the server trusts`
			`TLSCACertificateFile /etc/proftpd/ssl/proftpd.cacert.pem`

			`# Authenticate clients that want to use FTP over TLS?`
			`TLSVerifyClient off`

			`# Allow SSL/TLS renegotiations when the client requests them, but`
			`# do not force the renegotations. Some clients do not support`
			`# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these`
			`# clients will close the data connection, or there will be a timeout`
			`# on an idle data connection.`
			`TLSRenegotiate none`

			`# Should Server request a Clients Certificate and send valid CA list ?`
			`TLSOptions NoCertRequest NoSessionReuseRequired`
			`</IfModule>`