Hi, Reading the config docs, and briefly examining the source, it seems as if explicit SSL is supported (AUTH TLS) but that there's no way to disallow login if the session hasn't been secured.
1. Have I got that wrong? 2. Does anyone have any opinion on the best place to add that feature? My (naive?) instinct is to add a test in org.apache.ftpserver.command.imp.USER or possibly PASS. Thanks, John -- "There is no way to peace; peace is the way"
