From cabf61c0763cf91a7b4fe48ec1e0775ae12e7d5e Mon Sep 17 00:00:00 2001
From: Simon Ruderich <simon@ruderich.org>
Date: Sat, 30 Mar 2013 02:14:50 +0100
Subject: [PATCH] lftp/rc: Add sane SSL settings.

Which they aren't by default :-(
---
 lftp/rc | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/lftp/rc b/lftp/rc
index 1d76629..f94041b 100644
--- a/lftp/rc
+++ b/lftp/rc
@@ -32,6 +32,19 @@ set bmk:save-passwords yes
 # automated jobs.
 set net:max-retries 1
 
+# If SSL is used make sure the data connection is encrypted as well. This
+# should be the default behavior!.
+set ftp:ssl-protect-data yes
+set ftp:ssl-protect-fxp yes
+# Same for control connections (default).
+set ftp:ssl-protect-list yes
+# Make sure SSL is not dropped after a successful login (default).
+set ftp:ssl-use-ccc no
+# And verify the certificate and hostname, otherwise encryption doesn't matter
+# (default).
+set ssl:check-hostname yes
+set ssl:verify-certificate yes
+
 
 # ALIASES
 
-- 
2.44.1