I followed another thread (/forum/t-274551), and got encryption to work for vsftpd, but only in active mode. This is using tomato shibby:
Firewall: iptables -I INPUT -p tcp --dport 60000:61000 -j ACCEPT
Vsftpd Custom Configuration: ssl_enable=YES allow_anon_ssl=NO require_ssl_reuse=YES force_local_data_ssl=NO force_local_logins_ssl=NO ssl_tlsv1=NO ssl_sslv2=YES ssl_sslv3=YES rsa_cert_file=/tmp/etc/cert.pem rsa_private_key_file=/tmp/etc/key.pem pasv_enable=YES port_enable=YES pasv_min_port=60000 pasv_max_port=61000
Encrypted active mode works, and unencrypted passive mode works. I've been fooling around with these settings and googling for a few hours. What have I missed?