Pure FTP over TLS

Hi,
I'm using "pureftpd" with DirectAdmin. How can I enable and set up TLS to use with my FTP accounts? Free (with server self certificate).

I have my (CentOS 6.7) box set up like this. I think I installed it through CustomBuild (2). But I don't have /etc/pure-ftpd/pure-ftpd.conf. The configuration is actually at /etc/rc.d/init.d/pure-ftpd

What I'm missing from the instructions in your link is restricting to TLSv1, and not accepting older (unsafe) protocols (SSLv2/3) (see this technote for the ciphers). It's also very unlikely that you don't already have OpenSSL installed.
I think DirectAdmin always creates a server key/cert, so you may just want to use that.

One thing I found disappointing, is that there is no such thing as SNI for FTP. So in order to force secure connections, you always have to direct your users to the server domain (hostname). AFAIK, that's just a limitation of the "FTP-over-TLS" protocol.
 
I tested again ...
Actually it's ready by default! Thanks to forum users and DirectAdmin Team :)
 
pure FTP with tlsv1.2

I have my (CentOS 6.7) box set up like this. I think I installed it through CustomBuild (2). But I don't have /etc/pure-ftpd/pure-ftpd.conf. The configuration is actually at /etc/rc.d/init.d/pure-ftpd

What I'm missing from the instructions in your link is restricting to TLSv1, and not accepting older (unsafe) protocols (SSLv2/3) (see this technote for the ciphers). It's also very unlikely that you don't already have OpenSSL installed.
I think DirectAdmin always creates a server key/cert, so you may just want to use that.

One thing I found disappointing, is that there is no such thing as SNI for FTP. So in order to force secure connections, you always have to direct your users to the server domain (hostname). AFAIK, that's just a limitation of the "FTP-over-TLS" protocol.


How can we make it more secure with TLS v1.2, not TLS v1?
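
One way to verify the protocol restriction discussed in this thread, as an added example that is not from any of the posters, DirectAdmin or Pure-FTPd: it connects to an explicit FTP-over-TLS server, sends AUTH TLS, and attempts a handshake pinned to a single TLS version at a time. The function names and result strings are assumptions made for this example.

```python
import socket
import ssl

# Protocol versions to probe, oldest first (names chosen for this example).
VERSIONS = {"TLSv1": ssl.TLSVersion.TLSv1,
            "TLSv1.1": ssl.TLSVersion.TLSv1_1,
            "TLSv1.2": ssl.TLSVersion.TLSv1_2}

def pinned_context(version):
    """Client context that offers exactly one TLS protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # server uses a self-signed certificate
    ctx.verify_mode = ssl.CERT_NONE  # only protocol support is being tested
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx

def read_reply(rfile):
    """Read one FTP reply (including '220-' multi-line form); return its code."""
    line = rfile.readline().decode("latin-1")
    code = line[:3]
    if line[3:4] == "-":
        while line and not line.startswith(code + " "):
            line = rfile.readline().decode("latin-1")
    return int(code) if code.isdigit() else 0

def probe_socket(sock, version):
    """Run AUTH TLS on a connected socket and try one pinned handshake."""
    rfile = sock.makefile("rb")
    read_reply(rfile)                    # 220 greeting
    sock.sendall(b"AUTH TLS\r\n")
    if read_reply(rfile) != 234:         # 234 = server agrees to start TLS
        return "no-auth-tls"
    try:
        with pinned_context(version).wrap_socket(sock) as tls:
            return tls.version()         # e.g. "TLSv1.2"
    except (ssl.SSLError, OSError, ValueError):
        # Also returned when the local OpenSSL itself refuses a legacy version.
        return "rejected"

def probe(host, port=21):
    """Map each version name to the negotiated version or a failure string."""
    results = {}
    for name, version in VERSIONS.items():
        with socket.create_connection((host, port), timeout=10) as sock:
            results[name] = probe_socket(sock, version)
    return results
```

Call `probe()` with the server hostname; on a server limited to TLS 1.2, the TLSv1 and TLSv1.1 entries should read "rejected". Run it from a client whose OpenSSL still permits the legacy versions, otherwise "rejected" only reflects the client.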
 