
Date:  Thu, 29 May 2008 11:18:51 +0200
From:  Tom Müller-Kortkamp <tmueko (at mark) kommunity.net>
Subject:  [coba-e:13111] Re: FTP - TLS/SSL Support? - Updated Instructions
To:  coba-e (at mark) bluequartz.org
Message-Id:  <D7856D84-4607-4590-A9AF-AFAAA38ABC6C (at mark) kommunity.net>
In-Reply-To:  <020e01c8c148$4c848b20$0569a8c0@WORK1>
References:  <65BFD6BC-93A9-4CC1-92C7-CD1B7092C90B (at mark) mfc.bakkers.gr.jp> <00ca01c8bd3b$8064f800$0569a8c0 (at mark) WORK1> <032401c8c05c$09220d90$0569a8c0 (at mark) WORK1> <020e01c8c148$4c848b20$0569a8c0 (at mark) WORK1>
X-Mail-Count: 13111

Hi,

I've just one include line in the <Global> part, like:
include /etc/proftpd.conf.tls

with the following content (I use the dovecot-certs):
# cat /etc/proftpd.conf.tls
<IfModule mod_tls.c>
   TLSEngine on
   TLSLog /var/log/ftp-tls.log
   TLSRequired off
   TLSRSACertificateFile /etc/pki/dovecot/certs/dovecot.pem
   TLSRSACertificateKeyFile /etc/pki/dovecot/private/dovecot.pem
   TLSVerifyClient off
   TLSOptions NoCertRequest
   TLSRenegotiate required off
</IfModule>

So I just have to add one line when prefs got lost/deleted.

Just my 5 ct ...

tmueko

On 29.05.2008 at 06:56, Jim Scott wrote:

> I had to make a correction to my last post. It seems that the
> configuration I was showing only enabled TLS/SSL on the main IP
> address. If you have multiple IPs bound to a box it would not work
> on any of the virtualhosts.
>
> I changed the configuration to put most of the config in
> <Global></Global> and the directive TLSProtocol is not allowed in
> Global so had to be put outside. I tested after these changes and I
> can now connect on any IP address that is on my box. Also the blog was
> updated with the new instructions.
>
> <IfModule mod_tls.c>
>   TLSProtocol TLSv1
> </IfModule>
>
> # Restore file permissions capability to site administrator
> <Global>
>  # Report localtime, not GMT
>  TimesGMT                     off
>  ServerIdent                  on "FTP Server"
>  IdentLookups                 off
>
> <IfModule mod_tls.c>
>   TLSEngine on
>   TLSLog /var/log/tls.log
>
>   # Are clients required to use FTP over TLS when talking to this server?
>   TLSRequired off
>
>   # Server's certificate
>   TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
>   TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
>
>   # Authenticate clients that want to use FTP over TLS?
>   TLSVerifyClient off
>
>   # Allow SSL/TLS renegotiations when the client requests them, but
>   # do not force the renegotiations.  Some clients do not support
>   # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
>   # clients will close the data connection, or there will be a timeout
>   # on an idle data connection.
>   TLSRenegotiate required off
>
> </IfModule>
>
> </Global>
>
>

--
kommunity GmbH & Co.KG
Goseriede 4, D-30159 Hannover
------------
Phone +49 (0)5 11 - 80 72 58 - 0
Fax +49 (0)5 11 - 80 72 58 - 10
------------
Registered office: Hannover,
Court of registration: Amtsgericht Hannover,
Commercial register number: HRA 26721


General partner (personally liable):
kommunity Verwaltungsgesellschaft mbH
represented by the managing director
Tom Müller-Kortkamp
Registered office: Hannover,
Court of registration: Amtsgericht Hannover,
Register number: HRB 60200
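
Added example, not part of the original messages: a shell function that puts the `include /etc/proftpd.conf.tls` line back inside `<Global>` after the configuration has been regenerated, without ever adding it twice. The function names and the config path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): restore the one include line inside
# <Global> of a ProFTPD config. Function names are hypothetical.

# has_tls_include CONF INC
# Succeeds if an active (uncommented) "include INC" sits inside <Global>.
has_tls_include() {
    awk -v inc="$2" '
        { low = tolower($0) }
        low ~ /^[ \t]*<global>/   { in_global = 1; next }
        low ~ /^[ \t]*<\/global>/ { in_global = 0; next }
        in_global && tolower($1) == "include" && $2 == inc { found = 1 }
        END { exit !found }
    ' "$1"
}

# ensure_tls_include CONF [INC]
# Adds "include INC" right after the first <Global> line unless it is
# already there. Returns 1 if CONF is missing or has no <Global> section.
ensure_tls_include() {
    conf=$1
    inc=${2:-/etc/proftpd.conf.tls}
    [ -f "$conf" ] || { echo "missing config: $conf" >&2; return 1; }
    has_tls_include "$conf" "$inc" && return 0
    grep -qi '^[[:space:]]*<global>' "$conf" ||
        { echo "no <Global> section in $conf" >&2; return 1; }

    tmp=$(mktemp "$conf.XXXXXX") || return 1
    awk -v inc="$inc" '
        { print }
        !done && tolower($0) ~ /^[ \t]*<global>/ {
            print "  include " inc
            done = 1
        }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Usage (config path is an assumption; adjust to your install):
#   ensure_tls_include /etc/proftpd.conf && proftpd -t
```

Because the include is matched only inside `<Global>`, a copy left in the main server context (where, per the quoted message, TLS would cover only the main IP) does not count as present.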