forked from pool/proftpd
76f785ae31
fix for boo#1032443 (CVE-2017-7418) OBS-URL: https://build.opensuse.org/request/show/486640 OBS-URL: https://build.opensuse.org/package/show/network/proftpd?expand=0&rev=50
43 lines
1.7 KiB
Plaintext
43 lines
1.7 KiB
Plaintext
###############################################################################
|
|
# http://www.proftpd.org/docs/contrib/mod_tls.html
|
|
###############################################################################
|
|
<IfModule mod_dso.c>
|
|
# If mod_tls was built as a shared/DSO module, load it
|
|
LoadModule mod_tls.c
|
|
</IfModule>
|
|
|
|
<IfModule mod_tls.c>
|
|
TLSEngine on
|
|
TLSLog /var/log/proftpd/tls.log
|
|
|
|
# Support both SSLv3 and TLSv1, but they should not be used
|
|
# (known to be weak)
|
|
TLSProtocol TLSv1.1 TLSv1.2
|
|
|
|
# Are clients required to use FTP over TLS when talking to this server?
|
|
TLSRequired off
|
|
|
|
# Server's RSA certificate
|
|
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
|
|
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
|
|
|
|
# CA (or CA chain) to verify client certs
|
|
#TLSCACertificateFile /etc/proftpd/ssl/proftpd.cacert.pem
|
|
|
|
# CA (or CA chain) to verify certification path of server cert
|
|
TLSCertificateChainFile /etc/proftpd/ssl/proftpd.cacert.pem
|
|
|
|
# Authenticate clients that want to use FTP over TLS?
|
|
TLSVerifyClient off
|
|
|
|
# Allow SSL/TLS renegotiations when the client requests them, but
|
|
# do not force the renegotations. Some clients do not support
|
|
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
|
|
# clients will close the data connection, or there will be a timeout
|
|
# on an idle data connection.
|
|
TLSRenegotiate none
|
|
|
|
# Should Server request a Clients Certificate and send valid CA list ?
|
|
TLSOptions NoCertRequest NoSessionReuseRequired
|
|
</IfModule>
|