
Arquivo de Configuração /etc/proftpd/tls.conf

# Proftpd sample configuration for FTPS connections.

# Note that FTPS imposes some limitations on NAT traversal.

# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html

# for more information.

<IfModule mod_tls.c>

# Everything in this block applies only when mod_tls is compiled in or loaded.
# It turns on FTP over TLS, points mod_tls at the server certificate and key,
# and sets the policy for client certificates, renegotiation and plaintext FTP.

TLSEngine on

# mod_tls log file; handshake failures and certificate problems are reported here.
TLSLog /var/log/proftpd/tls.log

# NOTE(review): SSLv23 is the broad "compatibility" setting. Depending on the
# ProFTPD/OpenSSL build it can still negotiate obsolete versions (SSLv3,
# TLS 1.0/1.1). Consider restricting this to the newest versions the installed
# build supports, e.g. "TLSProtocol TLSv1.2" - confirm against your version's
# mod_tls documentation before changing.
TLSProtocol SSLv23

# Server SSL certificate. You can generate a self-signed certificate using

# a command like:

# NOTE(review): the sample originally used rsa:1024, which is too short for
# current use; 2048 bits is the usual minimum. -nodes leaves the private key
# unencrypted on disk, so the file permissions below are its only protection.
# openssl req -x509 -newkey rsa:2048 \

# -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \

# -nodes -days 365

# The proftpd.key file must be readable by root only. The other file can be

# readable by anyone.

# chmod 0600 /etc/ssl/private/proftpd.key

# chmod 0640 /etc/ssl/private/proftpd.key

# NOTE(review): both chmod lines above target the private key, and the second
# one loosens it to 0640 (group-readable), which contradicts "readable by root
# only". Keep 0600 on the key; the second line was presumably meant for the
# certificate file.
#
# NOTE(review): the openssl example writes to /etc/ssl/private and
# /etc/ssl/certs, but the directives below read from /etc/ssl/proftpd.
# Make the paths agree, and apply the 0600 permission to the key file that is
# actually configured here.
TLSRSACertificateFile /etc/ssl/proftpd/proftpd.crt

TLSRSACertificateKeyFile /etc/ssl/proftpd/proftpd.key

# CA the server trusts

#TLSCACertificateFile /etc/ssl/proftpd/server.pem

# or avoid CA cert and be verbose

# NOTE(review): the active line below sets three options at once:
#   AllowClientRenegotiations - accepts client-initiated renegotiation, i.e. it
#       turns off the CVE-2009-3555 mitigation described a few lines further
#       down. Drop it unless a specific client is known to need it.
#   NoCertRequest - the server does not ask clients for a certificate
#       (consistent with "TLSVerifyClient off" below).
#   NoSessionReuseRequired - data connections are no longer required to reuse
#       the control connection's TLS session. That requirement exists to stop
#       a third party from taking over a data connection; disable it only for
#       clients that cannot reuse sessions.
TLSOptions AllowClientRenegotiations NoCertRequest NoSessionReuseRequired

#TLSOptions NoCertRequest EnableDiags

# Per default drop connection if client tries to start a renegotiate

# This is a fix for CVE-2009-3555 but could break some clients.

#TLSOptions AllowClientRenegotiations

#TLSOptions noSessionReuseRequired

# Authenticate clients that want to use FTP over TLS?

# off: client certificates are not verified; clients authenticate with their
# FTP credentials only.
TLSVerifyClient off

# Are clients required to use FTP over TLS when talking to this server?

# NOTE(review): with "no", clients may still log in over plain FTP, so
# passwords and file contents can cross the network unencrypted. If every
# client supports FTPS, "TLSRequired on" enforces TLS on both the control and
# data channels.
TLSRequired no

# Allow SSL/TLS renegotiations when the client requests them, but

# do not force the renegotiations. Some clients do not support

# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these

# clients will close the data connection, or there will be a timeout

# on an idle data connection.

TLSRenegotiate required off

</IfModule>