TLSEngine on
# Specify TLS/SSL log
-TLSLog /var/log/ftp.tls.log
+TLSLog /var/log/proftpd/tls.log
# Path to CA chain file
-TLSCACertificateFile /etc/ftpd/chain.pem
+#TLSCACertificateFile /etc/proftpd/CA.crt
# Path to certificate file
-TLSRSACertificateFile /etc/ftpd/cert.pem
+TLSRSACertificateFile /etc/proftpd/server.crt
# Path to certificate key file
-TLSRSACertificateKeyFile /etc/ftp/privkey.pem
+TLSRSACertificateKeyFile /etc/proftpd/server.key
# Define available TLS/SSL ciphers (allow only strong ones by default)
TLSCipherSuite HIGH:!kDHd:!aNULL:!aDSS:!eNULL:!DES:!RC4:!RC2:!MD5:!SHA1:!SHA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1:!EXP:!EXPORT56:!LOW:!MEDIUM:!ADH:!DSS:!NULL
-# Allow TLSv1.2 only
-TLSProtocol TLSv1.2
+# Allow TLSv1.2 and TLSv1.3
+TLSProtocol TLSv1.2 TLSv1.3
# Don't verify client certificates
TLSVerifyClient off