From: Simon Ruderich <simon@ruderich.org>
Date: Sat, 30 Mar 2013 01:14:50 +0000 (+0100)
Subject: lftp/rc: Add sane SSL settings.
X-Git-Url: https://ruderich.org/simon/gitweb/?p=config%2Fdotfiles.git;a=commitdiff_plain;h=cabf61c0763cf91a7b4fe48ec1e0775ae12e7d5e

lftp/rc: Add sane SSL settings.

Which they aren't by default :-(
---

diff --git a/lftp/rc b/lftp/rc
index 1d76629..f94041b 100644
--- a/lftp/rc
+++ b/lftp/rc
@@ -32,6 +32,19 @@ set bmk:save-passwords yes
 # automated jobs.
 set net:max-retries 1
 
+# If SSL is used make sure the data connection is encrypted as well. This
+# should be the default behavior!.
+set ftp:ssl-protect-data yes
+set ftp:ssl-protect-fxp yes
+# Same for control connections (default).
+set ftp:ssl-protect-list yes
+# Make sure SSL is not dropped after a successful login (default).
+set ftp:ssl-use-ccc no
+# And verify the certificate and hostname, otherwise encryption doesn't matter
+# (default).
+set ssl:check-hostname yes
+set ssl:verify-certificate yes
+
 
 # ALIASES