-
Notifications
You must be signed in to change notification settings - Fork 11
/
tls.conf
37 lines (27 loc) · 1.15 KB
/
tls.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# adapt this file to match your needs and bind it as a volume on /etc/proftpd/tls.conf
<IfModule mod_tls.c>
TLSEngine on
<IfDefine VERBOSE=ON>
TLSLog /var/log/proftpd/tls.log
</IfDefine>
# Support both SSLv3 and TLSv1
TLSProtocol SSLv3 TLSv1
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired on
# Server's RSA certificate
TLSRSACertificateFile /etc/proftpd/certs/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/certs/proftpd.key.pem
# Server's EC certificate
# TLSECCertificateFile /etc/proftpd/certs/proftpd-ec.cert.pem
# TLSECCertificateKeyFile /etc/proftpd/certs/proftpd-ec.key.pem
# CA the server trusts
# TLSCACertificateFile /etc/proftpd/certs/proftpd.root.cert.pem
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
TLSRenegotiate none
</IfModule>