* Sat Jan 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-5.sme

- use esmith::ssl to set ciphers and protocol [SME: 12825]
  add TLSCipherSuite usage and order ciphers by strength

contriborbase

@@ -1 +0,0 @@
-sme10

root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS

@@ -1,5 +1,6 @@
 {
-    	#check if TLS is enabled
+    	  use esmith::ssl;
+        #check if TLS is enabled
         if (($ftp{TLSEnable} || 'on') eq 'on') {
 
         #check if TLS is required: values "on", "off"
@@ -18,15 +19,16 @@
         my $chain_file = $modSSL{CertificateChainFile} ||
         "# no chain cert";
 	$chain_file = "# no chain cert" unless -e $chain_file;
-
+        
         $chain_file = ( $chain_file eq "# no chain cert" )? $chain_file  : "TLSCertificateChainFile $chain_file";
-
+        my $ciphers = $modSSL{CipherSuite} || $ftp{CipherSuite} || $smeCiphers;
     	$OUT .= <<SSL_END;
 
 <IfModule mod_tls.c>
 TLSEngine                  on
 TLSLog                     /var/log/proftpd/tls.log
-TLSProtocol                TLSv1.1 TLSv1.2
+TLSProtocol                $smeSSLprotocol
+TLSCipherSuite						 $ciphers
 TLSOptions                 NoCertRequest AllowClientRenegotiations
 TLSRSACertificateFile      $crt
 TLSRSACertificateKeyFile   $key

smeserver-proftpd.spec

@@ -4,7 +4,7 @@ Summary: smeserver specific proftpd configuration files and templates
 %define name smeserver-proftpd
 Name: %{name}
 %define version 11.0.0
-%define release 4
+%define release 5
 Version: %{version}
 Release: %{release}%{?dist}
 License: GPL
@@ -21,6 +21,10 @@ Provides: e-smith-proftpd
 AutoReqProv: no
 
 %changelog
+* Sat Jan 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-5.sme
+- use esmith::ssl to set ciphers and protocol [SME: 12825]
+  add TLSCipherSuite usage and order ciphers by strength
+
 * Thu Apr 04 2024 Brian Read <brianr@koozali.org> 11.0.0-4.sme
 - Update createlinks to create smeserver-package-update event[SME: 12579]