Last updated: 2026-06-25

ProFTPD TLS/SSL Configuration Guide

This guide provides recommended TLS/SSL settings for ProFTPD to serve files over encrypted FTPS connections. ProFTPD uses mod_tls for TLS support, securing both the control channel (commands and authentication) and the data channel (file transfers).

Prerequisites

  • ProFTPD 1.3.7 or later (for TLS 1.3 support; 1.3.6 minimum for ECDSA certificates)
  • OpenSSL 1.1.1 or later
  • mod_tls compiled in or loaded as a module
  • A valid SSL/TLS certificate

Enable mod_tls

Ensure mod_tls is loaded. In your ProFTPD modules configuration:

LoadModule mod_tls.c

On Debian/Ubuntu, this is typically in /etc/proftpd/modules.conf. On RHEL, check /etc/proftpd.conf or /etc/proftpd/conf.d/.

TLS Configuration

Add the following to your ProFTPD configuration file (/etc/proftpd/proftpd.conf or a file in /etc/proftpd/conf.d/).

Enable TLS

<IfModule mod_tls.c>
    TLSEngine on
    TLSLog /var/log/proftpd/tls.log
</IfModule>

Certificate Files

TLSRSACertificateFile /etc/proftpd/ssl/cert.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/privkey.pem
TLSCACertificateFile /etc/proftpd/ssl/chain.pem

For ECDSA certificates (requires ProFTPD 1.3.6+):

TLSECCertificateFile /etc/proftpd/ssl/cert-ec.pem
TLSECCertificateKeyFile /etc/proftpd/ssl/privkey-ec.pem

Protocol Versions

Restrict to TLS 1.2 and TLS 1.3:

TLSProtocol TLSv1.2 TLSv1.3

Cipher Suites

Configure strong AEAD cipher suites:

TLSCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305

Require TLS

Force all connections to use TLS. Without this, clients can connect in plaintext:

TLSRequired on

Available values:

  • on - Require TLS for both control and data connections (recommended)
  • ctrl - Require TLS for the control channel only (authentication is encrypted, file transfers are not)
  • data - Require TLS for the data channel only
  • off - TLS is optional

Session Settings

TLSOptions NoSessionReuseRequired EnableDiags
TLSTimeoutHandshake 30

Version note: EnableDiags requires ProFTPD 1.3.6+. On 1.3.5, use TLSOptions NoSessionReuseRequired without EnableDiags.

NoSessionReuseRequired allows data connections that don't reuse the control channel's TLS session. Some FTP clients don't support session reuse, and this prevents connection failures. If all your clients support session reuse, you can omit this for stricter security.

Client Certificate Verification

To require clients to present a certificate (mutual TLS):

TLSVerifyClient on

For most deployments, client certificate verification is not needed:

TLSVerifyClient off

See RFC 8446 §4.3.2 for the TLS Certificate Request specification, and Wikipedia: Mutual authentication for a general overview.

Implicit vs Explicit FTPS

ProFTPD supports two FTPS modes:

  • Explicit FTPS (port 21) - The client connects in plaintext and upgrades to TLS using the AUTH TLS command. This is the default and most compatible mode.
  • Implicit FTPS (port 990) - The connection is TLS-encrypted from the start. Legacy mode, less common.

For implicit FTPS, add a separate virtual host. A <VirtualHost> accepts multiple addresses, so list both the IPv4 and IPv6 wildcards for dual-stack. The :: wildcard requires UseIPv6 on, which is the default:

UseIPv6 on

<VirtualHost 0.0.0.0 ::>
    Port 990
    TLSEngine on
    TLSProtocol TLSv1.2 TLSv1.3
    TLSRequired on
    TLSOptions UseImplicitSSL
    # ... same certificate and cipher settings
</VirtualHost>

Passive Mode Ports

When using FTPS, you need to open a range of ports for passive data connections: because the control channel is encrypted, the firewall cannot read the PASV reply to open the data port dynamically, so a fixed range must be configured and allowed explicitly:

PassivePorts 49152 65534

Complete Configuration

<IfModule mod_tls.c>
    # Enable TLS
    TLSEngine on
    TLSLog /var/log/proftpd/tls.log

    # Certificate files
    TLSRSACertificateFile /etc/proftpd/ssl/cert.pem
    TLSRSACertificateKeyFile /etc/proftpd/ssl/privkey.pem
    TLSCACertificateFile /etc/proftpd/ssl/chain.pem

    # Protocol versions
    TLSProtocol TLSv1.2 TLSv1.3

    # Cipher suites
    TLSCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305

    # Require TLS for all connections
    TLSRequired on

    # Session options
    TLSOptions NoSessionReuseRequired EnableDiags
    TLSTimeoutHandshake 30

    # Client certificates
    TLSVerifyClient off
</IfModule>

# Passive ports
PassivePorts 49152 65534

Security Notes

The cipher suite and protocol configuration in this guide addresses the following known TLS vulnerabilities:

  • POODLE (CVE-2014-3566, 2014): SSL 3.0 is disabled by the TLSProtocol directive. TLS_FALLBACK_SCSV was added in OpenSSL 1.0.1j / 1.0.2 (October 2014); SSL 3.0 was disabled by default in OpenSSL 1.1.0 (August 2016).
  • BEAST (CVE-2011-3389, 2011): Mitigated by recommending TLS 1.2 as the minimum; AEAD-only ciphers eliminate the CBC padding oracle.
  • CRIME (CVE-2012-4929, 2012): TLS compression is off by default in OpenSSL 1.1.0+; do not enable it.
  • Lucky13 (2013): AEAD-only cipher list eliminates CBC padding timing side-channels entirely.
  • FREAK (CVE-2015-0204, 2015): EXPORT-grade ciphers are excluded from the cipher string. Removed from OpenSSL 1.1.0 (August 2016).
  • LOGJAM (CVE-2015-4000, 2015): Short-key DHE is excluded; only ECDHE key exchange is recommended.
  • Sweet32 (CVE-2016-2183, 2016): 3DES is excluded from the cipher string.
  • ROBOT (2017): Static RSA key exchange is excluded; only ECDHE is recommended.
  • Downgrade attacks: TLS_FALLBACK_SCSV prevents protocol version rollback.
  • Renegotiation injection (CVE-2009-3555, 2009): Secure renegotiation is enforced by default in OpenSSL 0.9.8m+; TLS 1.3 removes renegotiation entirely.

The following are not addressable through TLS configuration alone:

  • Heartbleed (CVE-2014-0160, 2014): A memory disclosure bug in OpenSSL 1.0.1 through 1.0.1f. Fixed in OpenSSL 1.0.1g (April 7, 2014). Addressed by patching OpenSSL, not by TLS configuration.
  • BREACH (CVE-2013-3587, 2013): Not applicable. BREACH targets HTTP-level response compression; FTP does not involve HTTP.
  • DROWN (CVE-2016-0800, 2016): Requires SSLv2 to be enabled on any server sharing the same private key. Ensure SSLv2 is disabled on all services that use the same certificate and key pair.
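As an added example (not part of this guide or of ProFTPD), a small Python checker that parses the TLS* directives of a proftpd.conf fragment and reports settings that contradict the recommendations above, mapped to the Security Notes entries. Both config fragments are constructed for the example; the weak one is deliberately misconfigured.

```python
import re

# Constructed ProFTPD mod_tls fragment (not from a real server); the weak
# settings are deliberate so the checker has something to report.
WEAK_CONF = """
<IfModule mod_tls.c>
    TLSEngine on
    TLSProtocol TLSv1 TLSv1.1 TLSv1.2
    TLSCipherSuite ECDHE-RSA-AES128-GCM-SHA256:AES256-SHA:DES-CBC3-SHA:EXP-RC4-MD5
    TLSRequired ctrl
</IfModule>
"""
# The guide's recommended directives, which should produce no findings.
GUIDE_CONF = """
TLSProtocol TLSv1.2 TLSv1.3
TLSCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
TLSRequired on
"""

def parse_tls_directives(conf):
    """Map each TLS* directive to its argument list; '#' comment lines are skipped."""
    directives = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("TLS"):
            name, *args = line.split()
            directives[name] = args
    return directives

def check_tls_config(conf):
    """Return one finding per setting that contradicts the guide's recommendations."""
    d = parse_tls_directives(conf)
    findings = []
    weak_protocols = {"SSLv3": "POODLE", "TLSv1": "BEAST, no AEAD suites", "TLSv1.1": "deprecated"}
    for proto in d.get("TLSProtocol", []):
        if proto in weak_protocols:
            findings.append(f"TLSProtocol allows {proto}: {weak_protocols[proto]}")
    # OpenSSL cipher-name patterns that the guide's ECDHE/AEAD-only string excludes.
    weak_patterns = [(r"^EXP", "export grade (FREAK)"), (r"(^|-)DES-", "3DES (Sweet32)"),
                     (r"RC4", "RC4"), (r"-SHA$", "CBC with HMAC-SHA1 (BEAST/Lucky13)")]
    # TLS 1.3 suites (TLS_*) always use ephemeral key exchange with AEAD, so only TLS 1.2 names are graded.
    ciphers = [c for c in d.get("TLSCipherSuite", [""])[0].split(":") if c and not c.startswith("TLS_")]
    for cipher in ciphers:
        if not cipher.startswith("ECDHE-"):
            findings.append(f"cipher {cipher}: no ECDHE key exchange (ROBOT/Logjam)")
        findings += [f"cipher {cipher}: {why}" for pat, why in weak_patterns if re.search(pat, cipher)]
    if d.get("TLSRequired", ["off"]) != ["on"]:
        findings.append("TLSRequired is not 'on': a plaintext control or data channel is allowed")
    return findings
```

Run it against a real /etc/proftpd/proftpd.conf by reading the file into check_tls_config; an empty list means the fragment matches the guide on protocol, cipher and TLSRequired settings.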

Verification

Check the ProFTPD configuration and restart:

proftpd -t
systemctl restart proftpd

Test with OpenSSL:

openssl s_client -connect ftp.example.com:21 -starttls ftp

For implicit FTPS:

openssl s_client -connect ftp.example.com:990

Test with an FTP client like lftp:

lftp -u username -e "set ftp:ssl-force true; set ssl:verify-certificate yes; ls; quit" ftp.example.com

Check the TLS log for connection details:

tail -f /var/log/proftpd/tls.log
