Arquivo de Configuração /etc/proftpd/tls.conf

Exemplo de arquivo de configuração para o Proftpd aceitar conexões FTPs.

# Proftpd sample configuration for FTPS connections.
# Note that FTPS impose some limitations in NAT traversing.
# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
<IfModule mod_tls.c>
    TLSEngine on
    TLSLog /var/log/proftpd/tls.log
    TLSProtocol SSLv23
    
    # Server SSL certificate. You can generate a self-signed certificate using
    # A command like:
    # openssl req -x509 -newkey rsa:1024 \
    # -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \
    # -nodes -days 365
    # The proftpd.key file must be readable by root only. The other file can be
    # readable by anyone.
    # chmod 0600 /etc/ssl/private/proftpd.key
    # chmod 0640 /etc/ssl/private/proftpd.key
    TLSRSACertificateFile /etc/ssl/proftpd/proftpd.crt
    TLSRSACertificateKeyFile /etc/ssl/proftpd/proftpd.key

    # CA the server trusts
    #TLSCACertificateFile /etc/ssl/proftpd/server.pem
    # or avoid CA cert and be verbose
    TLSOptions AllowClientRenegotiations NoCertRequest NoSessionReuseRequired

    #TLSOptions NoCertRequest EnableDiags
    # Per default drop connection if client tries to start a renegotiate
    # This is a fix for CVE-2009-3555 but could break some clients.
    #TLSOptions AllowClientRenegotiations
    #TLSOptions noSessionReuseRequired
    # Authenticate clients that want to use FTP over TLS?
    TLSVerifyClient off

    # Are clients required to use FTP over TLS when talking to this server?
    TLSRequired no
    # Allow SSL/TLS renegotiations when the client requests them, but
    # do not force the renegotations. Some clients do not support
    # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
    # clients will close the data connection, or there will be a timeout
    # on an idle data connection.
    TLSRenegotiate required off
</IfModule>