From 406b247a666b0b10380acb77bd612e71d5146c10 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Fri, 14 Oct 2016 06:27:38 +0200 Subject: [PATCH] add tls config --- rootfs/etc/confd/templates/proftpd.conf.tmpl | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/rootfs/etc/confd/templates/proftpd.conf.tmpl b/rootfs/etc/confd/templates/proftpd.conf.tmpl index 8fd5867..016f399 100644 --- a/rootfs/etc/confd/templates/proftpd.conf.tmpl +++ b/rootfs/etc/confd/templates/proftpd.conf.tmpl @@ -18,6 +18,23 @@ PassivePorts {{getenv "PASSIVE_LOWER_BOUND"}} {{getenv "PASSIVE_UPPER_BOUND"}} DenyAll + + TLSEngine on + TLSProtocol TLSv1.2 + TLSRequired on + + TLSRSACertificateFile /etc/ssl/proftp/fullchain.pem + TLSRSACertificateKeyFile /etc/ssl/proftp/provkey.pem + + # CA the server trusts + TLSCACertificateFile /etc/ftpd/root.cert.pem + + TLSVerifyClient off + TLSServerCipherPreference on + TLSSessionCache internal: 1800 + TLSCipherSuite AES128+EECDH:AES128+EDH + + AuthOrder mod_ldap.c
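Review bot: The key path in `TLSRSACertificateKeyFile /etc/ssl/proftp/provkey.pem` looks like a typo for `privkey.pem`, the name that usually accompanies `fullchain.pem`. Confirm it against the file actually mounted into the container, because with `TLSRequired on` an unloadable key most likely means the daemon fails its config check or rejects every session. `TLSCACertificateFile /etc/ftpd/root.cert.pem` is not used to verify clients while `TLSVerifyClient off` is set, so its comment should say so, e.g. `# CA bundle; not used for client verification while TLSVerifyClient is off`. The cipher list permits `EDH` suites but the added lines set no `TLSDHParamFile`, so the DH group comes from the module's built-in parameters; either point it at generated parameters or keep only the `EECDH` suites, and consider a `TLSLog` line for diagnosing handshake failures. The patch is shown collapsed onto one line, so any enclosing `<IfModule>` markup and the exact context lines are not visible here.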