# This is not a working ProFTPD configuration file. It just
# contains the mod_gnutls parameters.

# for OpenPGP key authentication. Remove them
# to disable.
TLSPGPCertificateFile /proftpd/openpgp/pub.asc
TLSPGPCertificateKeyFile /proftpd/openpgp/sec.asc

# for SRP authentication. This is to enable SRP authentication
# which authenticates using a username-password pair.
# To enable it system-wide with a PAM module look at
# http://srp.stanford.edu/
TLSSRPPasswdFile /proftpd/srp/tpasswd
TLSSRPPasswdConfFile /proftpd/srp/tpasswd.conf

# Certificates for plain X.509 authentication.
TLSRSACertificateFile /proftpd/x509/cert.pem
TLSRSACertificateKeyFile /proftpd/x509/key.pem
TLSDSACertificateFile /proftpd/x509/cert-dsa.pem
TLSDSACertificateKeyFile /proftpd/x509/key-dsa.pem
TLSCACertificateFile /proftpd/x509/ca.pem

#TLSRequired on
TLSEngine on

# Parameter files, to avoid regenerating every
# time. Regenerating could be very expensive both
# in CPU time, but exhausts the /dev/random.
TLSDHParamFile /proftpd/dh.pem
TLSRSAParamFile /proftpd/rsa.pem

TLSLog /proftpd/tlslog

# Timeout the handshake after 10 seconds.
TLSTimeoutHandshake 10

TLSOptions AllowSRPLogin AllowDotLogin

TLSCiphers AES-256 AES-128 3DES ARCFOUR-128 ARCFOUR-40
TLSMAC SHA1 MD5
TLSProtocol TLSv1 SSLv3
TLSKeyExchange RSA-EXPORT RSA DHE-RSA DHE-DSS ANON-DH SRP SRP-RSA SRP-DSS
TLSCompression DEFLATE NULL

#TLSVerifyClient on