- Service: FTP
- Port: 21
In WHM → Home → Service Configuration → FTP Server Configuration check these settings:
TLS Encryption Support = Required (Command/Data)
TLS Cipher Suite = HIGH:!MEDIUM:!TLSv1:!SSLv2:!SSLv3:!aNULL
Allow Anonymous Logins = No
Allow Anonymous Uploads = No
Then check to make sure only TLS 1.2 is enabled
anna@xps:~$ nmap miss.annahost.org -p 21 --script ssl-enum-ciphers Starting Nmap 7.01 ( https://nmap.org ) at 2018-06-23 19:51 CDT Nmap scan report for miss.annahost.org (162.246.58.251) Host is up (0.044s latency). PORT STATE SERVICE 21/tcp open ftp | ssl-enum-ciphers: | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A | compressors: | NULL | cipher preference: server |_ least strength: A Nmap done: 1 IP address (1 host up) scanned in 8.38 seconds