FTP TLS Protocol Configuration

mightfixthis

Registered
Jul 3, 2020
2
0
1
United States
cPanel Access Level
Root Administrator
Greetings,

I'm wondering what the syntactically correct way of leaving only TLSv1.2 enabled as the TLS protocol on the FTP service is. I've tried a few options after reading what the defaults were in the documentation, as such:

From:
Code:
HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
To:
Code:
HIGH:+TLSv1_2:!TLSv1_1:!TLSv1:!SSLv2:!SSLv3
Any advice on this is appreciated.
 

mightfixthis

I believe that should be right as per the documentation FTP Server Configuration | cPanel & WHM Documentation
I thought the same as well, but each time I attempted to restart the FTP server, it complained about invalid syntax for the Cipher Suite. This might be more of a question I should direct to cPanel, but having some practical examples of configuration would be helpful within the documentation.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,297
1,251
313
Houston
Just to clarify, are you using ProFTPd or PureFTPd? We note the use of ProFTPd in the PCI compliance KB article here: PCI Compliance and Software Versions | cPanel & WHM Documentation

We use mod_tls for configuration, information on which can be found here: ProFTPD module mod_tls

In order to strictly use TLSv1.2 you should just be able to enter the following:

[Attachment: Screenshot at Jul 07 12-36-54.png]

I used the cipher set as follows:
HIGH:MEDIUM:+TLSv12

To test FTP(TLS):

Code:
openssl s_client -connect server.hostname.tld:21 -starttls ftp
You'll see an error if you attempt to do this without TLS:

Code:
openssl s_client -connect server.hostname.tld:21 -starttls ftp -no_tls1_2
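
The check from the last reply, extended to probe each protocol version in turn, as an added example that is not part of the original posts or of cPanel's tooling. The function names are hypothetical, and the parsing assumes the "New, <protocol>, Cipher is <name>" summary line that openssl s_client prints, with "(NONE)" when no handshake completed.

```shell
#!/bin/sh
# Added example: confirm an explicit-FTPS server accepts TLSv1.2 and
# rejects TLSv1.0 / TLSv1.1 after a cipher/protocol change.
# Usage: audit_ftp_tls server.hostname.tld 21

# handshake_ok HOST PORT FLAG
# Exit 0 if s_client negotiated a cipher while forced to one protocol
# version (FLAG is -tls1, -tls1_1 or -tls1_2).
handshake_ok() {
    # s_client exits non-zero on a failed handshake; we judge by its output.
    out=$(openssl s_client -connect "$1:$2" -starttls ftp "$3" \
          </dev/null 2>&1) || true
    # No summary line at all: connection or STARTTLS never got that far.
    printf '%s\n' "$out" | grep -q '^New, .*Cipher is ' || return 1
    # Summary line present but no cipher agreed: handshake was refused.
    printf '%s\n' "$out" | grep -q 'Cipher is (NONE)' && return 1
    return 0
}

# audit_ftp_tls HOST [PORT]
# Prints "<flag> accepted|rejected" per version. Exit 0 only when
# TLSv1.2 is accepted and both older versions are rejected.
audit_ftp_tls() {
    host=$1
    port=${2:-21}
    rc=0
    for flag in -tls1 -tls1_1 -tls1_2; do
        if handshake_ok "$host" "$port" "$flag"; then
            state=accepted
        else
            state=rejected
        fi
        printf '%s %s\n' "$flag" "$state"
        case "$flag:$state" in
            -tls1_2:rejected|-tls1:accepted|-tls1_1:accepted) rc=1 ;;
        esac
    done
    return $rc
}
```

A client whose own OpenSSL build or system crypto policy has TLSv1.0/1.1 disabled will report those versions as rejected no matter how the server is configured, so run the audit from a client that can still offer them.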