update pure-ftpd TLS cipher preference for .08 beta

centminmod · Feb 14, 2015 · afaed31 · afaed31
1 parent ee5b3b2
commit afaed31
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/inc/pureftpd.inc b/inc/pureftpd.inc
@@ -17,7 +17,10 @@ pureftpinstall() {
 		sed -i 's/#CreateHomeDir               yes/CreateHomeDir               yes/' /etc/pure-ftpd/pure-ftpd.conf
 		sed -i 's/# TLS                      1/TLS                      2/' /etc/pure-ftpd/pure-ftpd.conf
 		sed -i 's/# PassivePortRange          30000 50000/PassivePortRange    3000 3050/' /etc/pure-ftpd/pure-ftpd.conf
-
+
+		# ensure TLS Cipher preference protects against poodle attacks
+		sed -i 's/# TLSCipherSuite           HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3/TLSCipherSuite           HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3/' /etc/pure-ftpd/pure-ftpd.conf
+
 		echo "generating self-signed ssl certificate..."
 		echo "FTP client needs to use FTP (explicit SSL) mode"
 		echo "to connect to server's main ip address on port 21"