求教：proftpd ftps失败

darking358

proftpd安装好，需要使用ftps，连接提示，L500 U not understand
ssl协商失败，client发送client hello后，server直接回configuration。。。，提示L500 U not understand

怎么弄啊


conf


# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                      "ProFTPD Default Installation"
ServerType                      standalone
DefaultServer                   on

# Port 21 is the standard FTP port.
Port                            21

# Don't use IPv6 support by default.
UseIPv6                         off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    30

# Set the user and group under which the server will run.
User                            root
Group                           root

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite          on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
  User                          ftp
  Group                         ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                     anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients                    10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin                  welcome.msg
  DisplayChdir                  .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>



<IfModule mod_tls.c>
        TLSEngine on
        TLSLog /var/ftpd/tls.log

        # Support both SSLv3 and TLSv1
        TLSProtocol SSLv23 TLSv1

        # Are clients required to use FTP over TLS when talking to this server?
#       TLSRequired off
        TLSRequired on

        # Server's certificate
        TLSRSACertificateFile /etc/pki/tls/certs/cserver.cert
        TLSRSACertificateKeyFile /etc/pki/tls/certs/cserver.key

        # CA the server trusts
        TLSCACertificateFile /etc/pki/tls/certs/ccacert.pem

        # Authenticate clients that want to use FTP over TLS?
        TLSVerifyClient off

        # Allow SSL/TLS renegotiations when the client requests them, but
        # do not force the renegotations.  Some clients do not support
        # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
        # clients will close the data connection, or there will be a timeout
        # on an idle data connection.
#       TLSRenegotiate none
        TLSRenegotiate required off

        <VirtualHost 10.6.30.44>
                TLSOptions UseImplicitSSL
                # The "standard" implicit FTPS port is 990
                Port 990


                DefaultRoot             ~
                AllowOverwrite          on
                Umask                   022
                PassivePorts            50000 50020
        </VirtualHost>
</IfModule>