This commit is contained in:
parent
89eab906e4
commit
1769ab4503
@ -15,11 +15,7 @@ MaxClientsPerHost 5
|
||||
TLSEngine on
|
||||
TLSVerifyClient off
|
||||
TLSRenegotiate none
|
||||
TLSProtocol TLSv1.2
|
||||
TLSRSACertificateFile /etc/proftpd/cert.pem
|
||||
TLSRSACertificateKeyFile /etc/proftpd/privkey.pem
|
||||
TLSCertificateChainFile /etc/proftpd/chain.pem
|
||||
TLSCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
|
||||
TLSProtocol TLSv1.2 TLSv1.3
|
||||
TLSOptions NoSessionReuseRequired AllowClientRenegotiations
|
||||
TLSRequired on
|
||||
</IfModule>
|
||||
|
24
run.sh
24
run.sh
@ -22,6 +22,30 @@ cat $TLS_CERT > /etc/proftpd/cert.pem
|
||||
cat $TLS_KEY > /etc/proftpd/privkey.pem
|
||||
cat $TLS_CHAIN > /etc/proftpd/chain.pem
|
||||
|
||||
############ CHECK CERT KEY ALGO
|
||||
|
||||
ALGO=$(openssl x509 -in /etc/proftpd/cert.pem -text | sed -n 's/\ *Public Key Algorithm: //p')
|
||||
|
||||
if [ "$ALGO" = "id-ecPublicKey" ] ; then
|
||||
cat > /etc/proftpd/conf.d/certificate.conf <<EOF
|
||||
<IfModule mod_tls.c>
|
||||
TLSECCertificateFile /etc/proftpd/cert.pem
|
||||
TLSECCertificateKeyFile /etc/proftpd/privkey.pem
|
||||
TLSCertificateChainFile /etc/proftpd/chain.pem
|
||||
</IfModule>
|
||||
EOF
|
||||
fi
|
||||
|
||||
if [ "$ALGO" = "rsaEncryption" ] ; then
|
||||
cat > /etc/proftpd/conf.d/certificate.conf <<EOF
|
||||
<IfModule mod_tls.c>
|
||||
TLSRSACertificateFile /etc/proftpd/cert.pem
|
||||
TLSRSACertificateKeyFile /etc/proftpd/privkey.pem
|
||||
TLSCertificateChainFile /etc/proftpd/chain.pem
|
||||
</IfModule>
|
||||
EOF
|
||||
fi
|
||||
|
||||
############ PASSIVE PORTS
|
||||
|
||||
PASSIVEPORTS_START=${PASSIVEPORTS_START:-50000}
|
||||
|
Loading…
Reference in New Issue
Block a user