I'm using PureFTP with TLS since years for Froxlor with purchased SSL certificates. Now the certificate expired and I want to use Let's encrypt.
Here is my suggestion for a more secure PureFTP configuration - in addition to the current parameters from the froxlor setup guide:
Maybe it's an option to make this part of the default configuration and integrate the certificate merging into the froxlor-cron? Any ideas how this could look like on different distributions (Gentoo / RHEL / Ubuntu)?
Question
BigD
Hi,
I'm using PureFTP with TLS since years for Froxlor with purchased SSL certificates. Now the certificate expired and I want to use Let's encrypt.
Here is my suggestion for a more secure PureFTP configuration - in addition to the current parameters from the froxlor setup guide:
Making TLS mandatory:
echo "2" > /etc/pure-ftpd/conf/TLSReduce the Ciphers to the secure ones:
echo "HIGH:!aNULL:!LOW:!EXP:!RC4:!3DES:!SSLv3:!SSLv2" > /etc/pure-ftpd/conf/TLSCipherSuiteDoing this every time the host certificates are updated (or once a night ;-) ):
cat /etc/ssl/froxlor-custom/{{hostname}}.crt /etc/ssl/froxlor-custom/{{hostname}}_chain.pem /etc/ssl/froxlor-custom/{{hostname}}.key > /etc/ssl/private/pure-ftpd.pem systemctl restart pure-ftpd-mysqlMaybe it's an option to make this part of the default configuration and integrate the certificate merging into the froxlor-cron? Any ideas how this could look like on different distributions (Gentoo / RHEL / Ubuntu)?
Thanks for your feedback
1 answer to this question
Recommended Posts
Archived
This topic is now archived and is closed to further replies.