* Sat Jan 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-5.sme

- use esmith::ssl to set ciphers and protocol [SME: 12825]
  add TLSCipherSuite usage and order ciphers by strength

root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS

@@ -1,5 +1,6 @@
 {
-    	#check if TLS is enabled
+    	  use esmith::ssl;
+        #check if TLS is enabled
         if (($ftp{TLSEnable} || 'on') eq 'on') {
 
         #check if TLS is required: values "on", "off"
@@ -18,15 +19,16 @@
         my $chain_file = $modSSL{CertificateChainFile} ||
         "# no chain cert";
 	$chain_file = "# no chain cert" unless -e $chain_file;
-
+        
         $chain_file = ( $chain_file eq "# no chain cert" )? $chain_file  : "TLSCertificateChainFile $chain_file";
-
+        my $ciphers = $modSSL{CipherSuite} || $ftp{CipherSuite} || $smeCiphers;
     	$OUT .= <<SSL_END;
 
 <IfModule mod_tls.c>
 TLSEngine                  on
 TLSLog                     /var/log/proftpd/tls.log
-TLSProtocol                TLSv1.1 TLSv1.2
+TLSProtocol                $smeSSLprotocol
+TLSCipherSuite						 $ciphers
 TLSOptions                 NoCertRequest AllowClientRenegotiations
 TLSRSACertificateFile      $crt
 TLSRSACertificateKeyFile   $key