New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Plaintext FTP should be disabled by default #50
Comments
Requires SNI/per domain IPs and config to work without random SSL name mismatch warnings.
|
wow. SNI does not really seem like an option
|
Subject Alternative Names might be doable though with letsencrypt users - my letsencrypt cert for my home server looks like this:
|
Maybe we could re-survey the landscape of FTP servers?
|
I wonder if it'd be possible to do something with SFTP chroots these days that would make FTP redundant
|
I'm not sure there is much we can do with this until SNI comes to the ancient world of FTP. |
/etc/pure-ftpd/conf/TLS
currently appears to be set to 1 which means "Accept both normal sessions and SSL/TLS ones." - my opinion would be that for the next release, we should change this to 2, or even 3. Options are below.The text was updated successfully, but these errors were encountered: