smeserver/smeserver-proftpd
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Sat Jan 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-5.sme

Browse Source 
- use esmith::ssl to set ciphers and protocol [SME: 12825]
  add TLSCipherSuite usage and order ciphers by strength
This commit is contained in:
Jean-Philippe Pialasse 2025-01-18 15:50:34 -05:00
parent fdf0c054bd
commit 78dae4cbef
3 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
contriborbase
View File

@ -1 +0,0 @@
sme10

8
root/etc/e-smith/templates/etc/proftpd.conf/06ModTLS
View File

@ -1,5 +1,6 @@
{ {
#check if TLS is enabled use esmith::ssl;
#check if TLS is enabled
if (($ftp{TLSEnable} || 'on') eq 'on') { if (($ftp{TLSEnable} || 'on') eq 'on') {
#check if TLS is required: values "on", "off" #check if TLS is required: values "on", "off"
@ -20,13 +21,14 @@
$chain_file = "# no chain cert" unless -e $chain_file; $chain_file = "# no chain cert" unless -e $chain_file;
$chain_file = ( $chain_file eq "# no chain cert" )? $chain_file : "TLSCertificateChainFile $chain_file"; $chain_file = ( $chain_file eq "# no chain cert" )? $chain_file : "TLSCertificateChainFile $chain_file";
my $ciphers = $modSSL{CipherSuite} || $ftp{CipherSuite} || $smeCiphers;
$OUT .= <<SSL_END; $OUT .= <<SSL_END;
<IfModule mod_tls.c> <IfModule mod_tls.c>
TLSEngine on TLSEngine on
TLSLog /var/log/proftpd/tls.log TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1.1 TLSv1.2 TLSProtocol $smeSSLprotocol
TLSCipherSuite $ciphers
TLSOptions NoCertRequest AllowClientRenegotiations TLSOptions NoCertRequest AllowClientRenegotiations
TLSRSACertificateFile $crt TLSRSACertificateFile $crt
TLSRSACertificateKeyFile $key TLSRSACertificateKeyFile $key

6
smeserver-proftpd.spec
View File

@ -4,7 +4,7 @@ Summary: smeserver specific proftpd configuration files and templates
%define name smeserver-proftpd %define name smeserver-proftpd
Name: %{name} Name: %{name}
%define version 11.0.0 %define version 11.0.0
%define release 4 %define release 5
Version: %{version} Version: %{version}
Release: %{release}%{?dist} Release: %{release}%{?dist}
License: GPL License: GPL
@ -21,6 +21,10 @@ Provides: e-smith-proftpd
AutoReqProv: no AutoReqProv: no
%changelog %changelog
* Sat Jan 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-5.sme
- use esmith::ssl to set ciphers and protocol [SME: 12825]
add TLSCipherSuite usage and order ciphers by strength
* Thu Apr 04 2024 Brian Read <brianr@koozali.org> 11.0.0-4.sme * Thu Apr 04 2024 Brian Read <brianr@koozali.org> 11.0.0-4.sme
- Update createlinks to create smeserver-package-update event[SME: 12579] - Update createlinks to create smeserver-package-update event[SME: 12579]