FTP TLS Protocol Configuration
Greetings,
I'm wondering what the syntactically correct way is of leaving only TLSv1.2 enabled as the TLS protocol on the FTP service. I've tried a few options after reading what the defaults were in the documentation, as such:
From:
HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
To:
HIGH:+TLSv1_2:!TLSv1_1:!TLSv1:!SSLv2:!SSLv3
Any advice on this is appreciated.
I believe that should be right as per the documentation: FTP Server Configuration | cPanel & WHM Documentation
Just to clarify, are you using ProFTPd or PureFTPd? We note the use of ProFTPd in the PCI compliance KB article here: ProFTPD module mod_tls
In order to strictly use TLSv1.2 you should just be able to enter the following:
I used the cipher set as follows:
HIGH:MEDIUM:+TLSv12
To test FTP(TLS):
openssl s_client -connect server.hostname.tld:21 -starttls ftp
You'll see an error if you attempt to do this without tls:
openssl s_client -connect server.hostname.tld:21 -starttls ftp -no_tls1_2
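The s_client test in the comment above, turned into a repeatable audit (an added example, not part of the original thread): it forces one protocol version per run and checks that only TLSv1.2 completes a handshake. The function names are made up for this example, and the accepted/rejected decision assumes s_client's "Cipher is" summary line.

```shell
#!/bin/sh
# Added example: which TLS versions does an FTP server accept via STARTTLS?
# Function names are illustrative; the target is the thread's placeholder host.

# Classify one `openssl s_client` transcript read from stdin.
# A completed handshake prints "New, <proto>, Cipher is <suite>"; a refused
# one prints "Cipher is (NONE)" or never reaches that line.
classify_handshake() {
    suite=$(sed -n 's/.*Cipher is \(.*\)$/\1/p' | head -n 1)
    case "$suite" in
        ''|'(NONE)') echo rejected ;;
        *)           echo accepted ;;
    esac
}

# Policy asked for in the thread: only TLSv1.2 may complete a handshake.
expected_for() {
    case "$1" in
        -tls1_2) echo accepted ;;
        *)       echo rejected ;;
    esac
}

# Force a single protocol version ($2) against host:port ($1).
probe_version() {
    openssl s_client -connect "$1" -starttls ftp "$2" </dev/null 2>&1 |
        classify_handshake
}

# Print one line per version; return non-zero if any result breaks the policy.
audit_ftp_tls() {
    status=0
    for flag in -tls1 -tls1_1 -tls1_2 -tls1_3; do
        result=$(probe_version "$1" "$flag")
        want=$(expected_for "$flag")
        echo "$flag: $result (expected $want)"
        [ "$result" = "$want" ] || status=1
    done
    return "$status"
}

# Usage: sh ftp_tls_audit.sh server.hostname.tld:21
if [ "$#" -gt 0 ]; then
    audit_ftp_tls "$1"
fi
```

A local OpenSSL build that has TLS 1.0/1.1 disabled, or lacks one of the version flags, reports "rejected" whatever the server allows, so run the audit from a client that can still offer those versions.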
Will this syntax string work for the TLS Cipher Suite in Pure-FTPd, limiting it to TLS 1.2 only and no anonymous authentication?
HIGH:+TLSv1_2:!SSLv2:!SSLv3:!ADH:!DES:!3DES:!aNULL:!eNULL:!NULL
Can you please post an example for Pure-FTPd to only allow TLS 1.2 and no anonymous authentication using the TLS Cipher Suite field? What syntax should be used: +TLSv1.2 or +TLSv1_2 or +TLSv12?
If I need to use only ProFTP for PCI compliance, please let me know. Thank you.