> proftpd server is still too "promiscuous", it still allows lftp client
> users with just SSLv2 or just SSLv3 to connect.


mod_tls specifically disables support for SSLv2, so I'd be _very_
surprised if your SSLv2 clients can succesfully login.

> So, what changes do I need to achieve this project restriction?


The error message you are seeing is caused by a SSL/TLS protocol mismatch
between the FTPS client you're using, and your proftpd+mod_tls
installation, as I already stated. To achieve your needs, you need to
ensure that the FTPS clients and mod_tls are using the same SSL/TLS
version.

> Also, if possible, I'd like to keep the proftpd.conf directive as
> TLSProtocol TLSv1
> (not TLSProtocol SSLv23),
> to keep the project management and systems administrators from getting
> worried that their systems security has been downgraded! Would that be
> at all possible?


If your project management and system administrator base their judgments
solely on reading the config file, without bothering to read the
documentation for the directive in question:

http://www.castaglia.org/proftpd/mod...ml#TLSProtocol

which, by the way, mentions that SSLv2 is prohibited, then I think you
have other issues to worry about.

TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Know thyself.

-Anonymous

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?p...rge&CID=DEVDEV
_______________________________________________
ProFTPD Users List
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html