[Ach] proftpd 1.3.5 - first version to allow sane configuration of TLS
Hanno Böck
hanno at hboeck.de
Thu May 15 19:44:00 CEST 2014
Probably interesting for some people:
The proftpd server has been released in version 1.3.5. And that's the
first version where you can actually really configure TLS in a
meaningful way.
See e.g. bug discussion here:
http://bugs.proftpd.org/show_bug.cgi?id=4024
And here I share our server configuration:
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
TLSRequired on
TLSRenegotiate none
TLSOptions NoSessionReuseRequired
TLSVerifyClient off
TLSCipherSuite
HIGH:!MEDIUM:!LOW:!3DES:!CAMELLIA:!aNULL:!EXP:!NULL at STRENGTH
TLSRSACertificateFile /etc/ssl/private/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSCertificateChainFile /etc/ssl/private/proftpd.chain
TLSDHParamFile /etc/proftpd/dh4096.pem
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20140515/fb991d86/attachment.sig>
More information about the Ach
mailing list