
Date:  Wed, 28 May 2008 21:56:04 -0700
From:  "Jim Scott" <jscott (at mark) infoconex.com>
Subject:  [coba-e:13110] Re: FTP - TLS/SSL Support? - Updated Instructions
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <020e01c8c148$4c848b20$0569a8c0@WORK1>
References:  <65BFD6BC-93A9-4CC1-92C7-CD1B7092C90B (at mark) mfc.bakkers.gr.jp> <00ca01c8bd3b$8064f800$0569a8c0 (at mark) WORK1> <032401c8c05c$09220d90$0569a8c0 (at mark) WORK1>
X-Mail-Count: 13110

I had to make a correction to my last post. It seems that the configuration 
I was showing only enabled TLS/SSL on the main IP address. If you have 
multiple IPs bound to a box it would not work on any of the virtualhosts.

I changed the configuration to put most of the config in <Global></Global> 
and the directive TLSProtocol is not allowed in Global so had to be put 
outside. I tested after these changes and I can now connect on any IP 
address that is on my box. Also the blog was updated with the new 
instructions.

<IfModule mod_tls.c>
    TLSProtocol TLSv1
</IfModule>

# Restore file permissions capability to site administrator
 <Global>
   # Report localtime, not GMT
   TimesGMT                     off
   ServerIdent                  on "FTP Server"
   IdentLookups                 off

<IfModule mod_tls.c>
    TLSEngine on
    TLSLog /var/log/tls.log

    # Are clients required to use FTP over TLS when talking to this server?
    TLSRequired off

    # Server's certificate
    TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
    TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem

    # Authenticate clients that want to use FTP over TLS?
    TLSVerifyClient off

    # Allow SSL/TLS renegotiations when the client requests them, but
    # do not force the renegotiations.  Some clients do not support
    # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
    # clients will close the data connection, or there will be a timeout
    # on an idle data connection.
    TLSRenegotiate required off

</IfModule>

</Global>
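
An added example, not part of the original message or of ProFTPD: a small Python check that applies the two placement rules described in the message (TLSProtocol outside <Global>, the other TLS directives inside it) to a proftpd.conf. The function name, the finding texts and both sample configs are constructed for illustration, and the "before" sample assumes the earlier layout kept the TLS directives at the top level.

```python
import re

SERVER_CONFIG_ONLY = {"TLSProtocol"}   # per the message: rejected inside <Global>
def lint_tls_contexts(conf_text):
    """Return (line_no, directive, problem) for each misplaced TLS directive."""
    stack, findings = [], []           # stack holds the currently open sections
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = re.match(r"<(/?)(\w+)[^>]*>$", line)
        if tag:
            closing, name = tag.groups()
            if not closing:
                stack.append(name)
            elif name in stack:
                del stack[len(stack) - 1 - stack[::-1].index(name)]  # innermost match
            continue
        directive = line.split()[0]
        if not directive.startswith("TLS"):
            continue
        if directive in SERVER_CONFIG_ONLY:
            if "Global" in stack:
                findings.append((no, directive, "not allowed inside <Global>"))
        elif "Global" not in stack and "VirtualHost" not in stack:
            findings.append((no, directive, "main server only; move into <Global>"))
    return findings

# Constructed sample: TLS enabled at top level, so only the main IP gets it.
BEFORE = """\
<IfModule mod_tls.c>
    TLSProtocol TLSv1
    TLSEngine on
</IfModule>
"""
# Constructed sample: the corrected layout from the message, trimmed.
AFTER = """\
<IfModule mod_tls.c>
    TLSProtocol TLSv1
</IfModule>
<Global>
<IfModule mod_tls.c>
    TLSEngine on
</IfModule>
</Global>
"""

if __name__ == "__main__":
    print(lint_tls_contexts(BEFORE), lint_tls_contexts(AFTER))
```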