From 75c942c77aa575143c5b75637e64a925ad12641a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= <olysonek@redhat.com>
Date: Thu, 21 Dec 2017 16:38:40 +0100
Subject: [PATCH 43/59] Enable only TLSv1.2 by default

Disable TLSv1 and TLSv1.1 - enable only TLSv1.2 by default.
---
 tunables.c    | 6 +++---
 vsftpd.conf.5 | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/tunables.c b/tunables.c
index 354251c..9680528 100644
--- a/tunables.c
+++ b/tunables.c
@@ -211,9 +211,9 @@ tunables_load_defaults()
   tunable_force_local_data_ssl = 1;
   tunable_sslv2 = 0;
   tunable_sslv3 = 0;
-  /* TLSv1 up to TLSv1.2 is enabled by default */
-  tunable_tlsv1 = 1;
-  tunable_tlsv1_1 = 1;
+  tunable_tlsv1 = 0;
+  tunable_tlsv1_1 = 0;
+  /* Only TLSv1.2 is enabled by default */
   tunable_tlsv1_2 = 1;
   tunable_tilde_user_enable = 0;
   tunable_force_anon_logins_ssl = 0;
diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
index 2a7662e..df14027 100644
--- a/vsftpd.conf.5
+++ b/vsftpd.conf.5
@@ -539,7 +539,7 @@ Only applies if
 is activated. If enabled, this option will permit TLS v1 protocol connections.
 TLS v1.2 connections are preferred.
 
-Default: YES
+Default: NO
 .TP
 .B ssl_tlsv1_1
 Only applies if
@@ -547,7 +547,7 @@ Only applies if
 is activated. If enabled, this option will permit TLS v1.1 protocol connections.
 TLS v1.2 connections are preferred.
 
-Default: YES
+Default: NO
 .TP
 .B ssl_tlsv1_2
 Only applies if
-- 
2.14.4