# defaults for module: srv-ftp
#
[ftp]
  full_users		undef
  full_groups		undef

  chroot_users		undef

  enable_anonymous	yes
  enable_tls		no
  passive_ports		49152 65534

  # chrooted users
  default_root_groups	!ftp_full,!adm

  # SSL/TLS options
  #
  tls_protocol		SSLv23
  tls_cert_file		/etc/ssl/certs/::cert.filename::.pem
  tls_key_file		/etc/ssl/private/::cert.filename::.key
  tls_required		on
  tls_logfile		/var/log/proftpd/tls.log
  tls_options		NoCertRequest EnableDiags NoSessionReuseRequired

  # NOTE ON tls_options:
  #
  # This is a fix for CVE-2009-3555 but could break some clients.
  #tls_options		AllowClientRenegotiations
