Isso vem da documentação on-line da ProFTPD :
<IfModule mod_dso.c>
# If mod_tls was built as a shared/DSO module, load it
LoadModule mod_tls.c
</IfModule>
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/ftpd/tls.log
# Support both SSLv3 and TLSv1
TLSProtocol SSLv3 TLSv1
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired off
# Server's certificate
TLSRSACertificateFile /etc/ftpd/server.cert.pem
TLSRSACertificateKeyFile /etc/ftpd/server.key.pem
# CA the server trusts
TLSCACertificateFile /etc/ftpd/root.cert.pem
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
TLSRenegotiate none
</IfModule>
Verifique todas as possíveis diretrizes relacionadas a TLS / SSL aqui .
Você também deve verificar a cadeia de certificados. Você pode fazer isso usando ferramentas padrão, como OpenSSL :