[Proftpd-user] disable tlsv1.0

Discussion:

Hajo Locke

2015-12-21 11:21:47 UTC

Hello,

there is a growing number of people who think tlsv1.0 is insecure and
should be disabled.
Is this possible with proftpd? I think directive TLSProtocol makes no
differences between tlsv1, tlsv1.1 or tlsv1.2

Thanks,
Hajo

TJ Saunders

2015-12-21 17:53:40 UTC

Permalink

Post by Hajo Locke
there is a growing number of people who think tlsv1.0 is insecure and
should be disabled.
Is this possible with proftpd? I think directive TLSProtocol makes no
differences between tlsv1, tlsv1.1 or tlsv1.2

That's incorrect; the TLSProtocol directive can be used to specify just
the TLS protocol versions you wish to use, e.g:

TLSProtocol TLSv1.1 TLSv1.2

Note that your OpenSSL version must be new enough to support TLSv1.1 and
TLSv1.2; some older OpenSSL versions only
supported up to TLSv1.0. The TLSProtocol directive, when used with
those old OpenSSL versions, will not let you configure
the above.

Hope this helps,
TJ

Hajo Locke

2015-12-23 14:52:54 UTC

Permalink

Hello,

ahh, yes. Thanks. Google offered oudated docs.
i found this:
http://www.proftpd.org/docs/directives/linked/config_ref_TLSProtocol.html

More helpful ist this:

http://www.proftpd.org/docs/contrib/mod_tls.html#TLSProtocol

Thanks,
Hajo

Post by TJ Saunders

That's incorrect; the TLSProtocol directive can be used to specify just
TLSProtocol TLSv1.1 TLSv1.2
Note that your OpenSSL version must be new enough to support TLSv1.1 and
TLSv1.2; some older OpenSSL versions only
supported up to TLSv1.0. The TLSProtocol directive, when used with
those old OpenSSL versions, will not let you configure
the above.
Hope this helps,
TJ
------------------------------------------------------------------------------
_______________________________________________
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html