
Merge pull request #1006 from hestiacp/feature/tls

Vsftpd security hardening
Raphael Schneeberger пре 5 година
родитељ
комит
6c570a9453
3 измењених фајлова са 12 додато и 3 уклоњено
  1. 1 0
      CHANGELOG.md
  2. 2 2
      install/deb/vsftpd/vsftpd.conf
  3. 9 1
      install/upgrade/versions/latest.sh

+ 1 - 0
CHANGELOG.md

@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 
 ## [CURRENT] - Development
 ### Features
+- Use stronger ciphers and Disable TLS v1.1 for vsftpd.
 
 ### Bugfixes
 - Create mailhelo.conf if it doesnt exist to prevent a error message during grep.

+ 2 - 2
install/deb/vsftpd/vsftpd.conf

@@ -31,10 +31,10 @@ utf8_filesystem=YES
 ssl_enable=YES
 allow_anon_ssl=NO
 require_ssl_reuse=NO
-ssl_ciphers=HIGH
-ssl_tlsv1=NO
+ssl_ciphers=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
 ssl_sslv2=NO
 ssl_sslv3=NO
+ssl_tlsv1=NO
 force_local_data_ssl=NO
 force_local_logins_ssl=NO
 rsa_cert_file=/usr/local/hestia/ssl/certificate.crt
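Review bot: The only effective change on the new side is the `ssl_ciphers` list; `ssl_tlsv1=NO` was already set and is merely moved, so nothing in this hunk names TLS 1.1 even though the changelog entry says it is disabled. As far as I can tell the four listed suites are all TLS 1.2-only, which is what keeps TLS 1.0/1.1 clients out, and all of them are ECDHE-RSA, so a server using an ECDSA certificate would be left with no usable suite. A comment line above the setting would record this, for example `# TLS 1.2-only ECDHE-RSA suites: blocks TLS 1.0/1.1 clients, requires an RSA certificate`. Separately, `force_local_logins_ssl=NO` and `force_local_data_ssl=NO` stay as they were, so clients can still log in and transfer data without TLS; if that is kept for compatibility, it deserves a comment too.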

+ 9 - 1
install/upgrade/versions/latest.sh

@@ -14,4 +14,12 @@ $BIN/v-update-web-templates
 echo "[ ! ] Updating default mail domain templates..."
 $BIN/v-update-mail-templates
 echo "[ ! ] Updating default DNS zone templates..."
-$BIN/v-update-dns-templates
+$BIN/v-update-dns-templates
+
+# Enhance Vsftpd security
+if [ "$FTP_SYSTEM" = "vsftpd" ]; then
+    echo "[ ! ] Hardening Vsftpd TLS configuration..."
+    cp -f /etc/vsftpd.conf $HESTIA_BACKUP/conf/
+    cp -f $HESTIA_INSTALL_DIR/vsftpd/vsftpd.conf /etc/
+    chmod 644 /etc/vsftpd.conf
+fi
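Review bot: The overwrite of /etc/vsftpd.conf in the new `if` block runs even when the backup `cp` on the line before it fails, and because the stock template replaces the whole file, any local settings an administrator added are then lost with no copy to restore from. Both `cp` commands also expand `$HESTIA_BACKUP` and `$HESTIA_INSTALL_DIR` unquoted, so a value containing whitespace is word-split and an empty `$HESTIA_BACKUP` turns the backup target into `/conf/`. The hunk shows no vsftpd restart; unless the upgrade runner restarts services elsewhere, the new cipher list presumably stays inactive until the next restart. The steps should be quoted and chained so the live file is replaced only after the backup succeeds, as sketched below.

```shell
if [ "$FTP_SYSTEM" = "vsftpd" ]; then
    # … unchanged: progress message …
    # Replace the live config only once the backup copy has succeeded.
    if cp -f /etc/vsftpd.conf "$HESTIA_BACKUP/conf/"; then
        cp -f "$HESTIA_INSTALL_DIR/vsftpd/vsftpd.conf" /etc/ &&
            chmod 644 /etc/vsftpd.conf
    else
        echo "[ ! ] Backup of /etc/vsftpd.conf failed, keeping the current file" >&2
    fi
fi
```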