From 78dae4cbef7b66d844b73dda1658b60d6972eb73 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Pialasse Date: Sat, 18 Jan 2025 15:50:34 -0500 Subject: [PATCH] * Sat Jan 18 2025 Jean-Philippe Pialasse 11.0.0-5.sme - use esmith::ssl to set ciphers and protocol [SME: 12825] add TLSCipherSuite usage and order ciphers by strength --- contriborbase | 1 - root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS | 10 ++++++---- smeserver-proftpd.spec | 6 +++++- 3 files changed, 11 insertions(+), 6 deletions(-) delete mode 100644 contriborbase diff --git a/contriborbase b/contriborbase deleted file mode 100644 index ef36a67..0000000 --- a/contriborbase +++ /dev/null @@ -1 +0,0 @@ -sme10 diff --git a/root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS b/root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS index 840dd9e..9aa27b6 100644 --- a/root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS +++ b/root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS @@ -1,5 +1,6 @@ { - #check if TLS is enabled + use esmith::ssl; + #check if TLS is enabled if (($ftp{TLSEnable} || 'on') eq 'on') { #check if TLS is required: values "on", "off" @@ -18,15 +19,16 @@ my $chain_file = $modSSL{CertificateChainFile} || "# no chain cert"; $chain_file = "# no chain cert" unless -e $chain_file; - + $chain_file = ( $chain_file eq "# no chain cert" )? $chain_file : "TLSCertificateChainFile $chain_file"; - + my $ciphers = $modSSL{CipherSuite} || $ftp{CipherSuite} || $smeCiphers; $OUT .= < TLSEngine on TLSLog /var/log/proftpd/tls.log -TLSProtocol TLSv1.1 TLSv1.2 +TLSProtocol $smeSSLprotocol +TLSCipherSuite $ciphers TLSOptions NoCertRequest AllowClientRenegotiations TLSRSACertificateFile $crt TLSRSACertificateKeyFile $key diff --git a/smeserver-proftpd.spec b/smeserver-proftpd.spec index d2ef732..467a933 100644 --- a/smeserver-proftpd.spec +++ b/smeserver-proftpd.spec 
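Review bot: The added `use esmith::ssl;` at the top of 06ModTLS makes expansion of proftpd.conf depend on that module, yet the spec part of this commit only bumps the release and adds a changelog entry. The spec context shows `AutoReqProv: no`, so RPM will not derive the dependency on its own. If the module first shipped in a particular release of the library package, the spec should carry an explicit versioned `Requires:` for it; whether one already exists is not visible here. The same applies to `$smeCiphers` and `$smeSSLprotocol`, which the later hunk uses and which presumably come from that module. Without it, a host with the older library could fail to expand the template or write `TLSProtocol` and `TLSCipherSuite` lines with no arguments. A comment beside the import would also help, for example `# esmith::ssl provides $smeCiphers and $smeSSLprotocol`, since neither variable is declared in this fragment, whose `{` block continues beyond the hunk.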
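Review bot: In the second 06ModTLS hunk, `my $ciphers = $modSSL{CipherSuite} || $ftp{CipherSuite} || $smeCiphers;` lets the web server's property win over the FTP one. If `$ftp{CipherSuite}` is meant as a per-service override, it can never tighten the list while the `modSSL` property is set, and the order should be `$ftp{CipherSuite} || $modSSL{CipherSuite} || $smeCiphers`. Both `$ciphers` and `$smeSSLprotocol` are written into the generated config unchecked, so the fragment should confirm each is non-empty and free of newlines before appending to `$OUT`, since database properties end up verbatim in proftpd.conf. If `$smeSSLprotocol` can contain TLSv1.3, note that ProFTPD versions supporting it take those ciphersuites on a separate `TLSCipherSuite TLSv1.3 ...` line, so this list would govern only TLSv1.2 and below. The unchanged `TLSOptions NoCertRequest AllowClientRenegotiations` line still permits client-initiated renegotiation, which is worth revisiting in the same hardening pass.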
@@ -4,7 +4,7 @@ Summary: smeserver specific proftpd configuration files and templates %define name smeserver-proftpd Name: %{name} %define version 11.0.0 -%define release 4 +%define release 5 Version: %{version} Release: %{release}%{?dist} License: GPL @@ -21,6 +21,10 @@ Provides: e-smith-proftpd AutoReqProv: no %changelog +* Sat Jan 18 2025 Jean-Philippe Pialasse 11.0.0-5.sme +- use esmith::ssl to set ciphers and protocol [SME: 12825] + add TLSCipherSuite usage and order ciphers by strength + * Thu Apr 04 2024 Brian Read 11.0.0-4.sme - Update createlinks to create smeserver-package-update event[SME: 12579]