FTP

  • Service:  FTP
  • Port: 21

In WHM → Home → Service Configuration → FTP Server Configuration check these settings:

TLS Encryption Support = Required (Command/Data)

TLS Cipher Suite = HIGH:!MEDIUM:!TLSv1:!SSLv2:!SSLv3:!aNULL

Allow Anonymous Logins = No

Allow Anonymous Uploads = No

Then check to make sure only TLS 1.2 is enabled
anna@xps:~$ nmap miss.annahost.org -p 21 --script ssl-enum-ciphers

Starting Nmap 7.01 ( https://nmap.org ) at 2018-06-23 19:51 CDT
Nmap scan report for miss.annahost.org (162.246.58.251)
Host is up (0.044s latency).
PORT   STATE SERVICE
21/tcp open  ftp
| ssl-enum-ciphers: 
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 8.38 seconds