Comment 2 for bug 1381840

Joshua Zeitlinger (joshuaspring9) wrote :

I hope I am following the proper procedures for security patches, as I am new to Ubuntu development and did my best to follow the packaging guide. The following debdiff patch fixes this issue by disabling SSLv3 using the -S flag included with the TLSCipherSuite parameter.

You can verify the bug by running ./testssl.sh --starttls ftp localhost:21 (script from http://testssl.sh/testssl.sh) and checking that SSLv3 is enabled in the output. To test, the patch below was applied and the package rebuilt using pbuilder in a clean environment. The output deb file was applied over the currently available trusty version on a virtual machine without issue. The filezilla client was used to ensure normal operation of the ftp server. Re-running ./testssl.sh --starttls ftp localhost:21 then showed SSLv3 to be disabled.

This issue was fixed in Debian version 1.0.36-3, meaning no future versions of Ubuntu are affected. I chose to use the -S flag rather than the Debian fix of including !SSLv3 in TLSCipherSuite because that also disables TLSv1 and TLSv1.1 (all three share the same cipher suites). I can also submit a branch merge request if that method is preferred.
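The difference between the two fixes discussed in the comment above (a `!SSLv3` cipher-string rule versus a flag that refuses the SSLv3 protocol) can be seen directly from OpenSSL's own cipher tables. The script below is an added example, not the commenter's debdiff or anything from the package: it assumes the server-side "no SSLv3" flag behaves like OpenSSL's SSL_OP_NO_SSLv3 / a minimum protocol version of TLSv1 (the page does not say how the flag is implemented), and the base cipher string HIGH:!aNULL is chosen for illustration rather than taken from the package's TLSCipherSuite setting. OpenSSL tags every suite with the lowest protocol version that defined it, and TLSv1.0 and TLSv1.1 defined no suites of their own, so whatever `!SSLv3` strips is also lost to pre-1.2 peers. How much that is depends on the OpenSSL build: 1.0.x (the trusty-era library) tagged every pre-1.2 suite as SSLv3, which is the "all three share the same cipher suites" situation in the comment, while 1.1.0 and later tag the ECDHE suites as TLSv1, so on a current build a few suites survive for TLSv1.0/1.1 clients. The protocol-version approach leaves the cipher list untouched in every case.

```python
import ssl

# Base cipher string for the comparison. Chosen here for illustration; it is
# not the string from the package's TLSCipherSuite configuration.
BASE = "HIGH:!aNULL"


def cipher_list(cipher_string, min_version=None):
    """Return (name, protocol) for every suite an OpenSSL context configured
    with `cipher_string` would offer.

    'protocol' is the lowest SSL/TLS version the suite was defined for
    (SSLv3, TLSv1/TLSv1.0, TLSv1.2 or TLSv1.3, spelling depends on the
    OpenSSL build). TLSv1.0 and TLSv1.1 defined no suites of their own, so a
    pre-1.2 peer can only negotiate suites tagged below TLSv1.2."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    if min_version is not None:
        # Protocol bounds are enforced at handshake time and do not touch the
        # cipher list. This models a server flag that refuses SSLv3
        # (assumed here to map to SSL_OP_NO_SSLv3 / a TLSv1 minimum).
        try:
            ctx.minimum_version = min_version
        except ValueError:
            # Build compiled without that protocol version: use the legacy
            # option bit, which is what SSL_OP_NO_SSLv3 literally is.
            ctx.options |= ssl.OP_NO_SSLv3
    return [(c["name"], c["protocol"]) for c in ctx.get_ciphers()]


def bang_sslv3_fix(base=BASE):
    """The cipher-string approach: append !SSLv3 to the suite list."""
    return cipher_list(base + ":!SSLv3")


def no_sslv3_protocol_fix(base=BASE):
    """The protocol approach: keep the suite list, refuse the SSLv3 version."""
    return cipher_list(base, min_version=ssl.TLSVersion.TLSv1)


def pre_tls12_suites(suites):
    """Suites a TLSv1.0 or TLSv1.1 peer could still negotiate."""
    return sorted(n for n, p in suites if p not in ("TLSv1.2", "TLSv1.3"))


def suites_removed_by_bang_sslv3(base=BASE):
    """Suites present with the plain cipher string but gone after '!SSLv3'."""
    after = {n for n, _ in bang_sslv3_fix(base)}
    return sorted((n, p) for n, p in cipher_list(base) if n not in after)


if __name__ == "__main__":
    plain = cipher_list(BASE)
    print(f"{BASE}: {len(plain)} suites, "
          f"{len(pre_tls12_suites(plain))} usable by TLSv1.0/1.1 peers")
    removed = suites_removed_by_bang_sslv3()
    print(f"'!SSLv3' removes {len(removed)} suite(s): "
          + ", ".join(f"{n} [{p}]" for n, p in removed))
    print(f"  leaving {len(pre_tls12_suites(bang_sslv3_fix()))} "
          "usable by TLSv1.0/1.1 peers")
    print(f"refusing the SSLv3 protocol instead leaves all "
          f"{len(no_sslv3_protocol_fix())} suites in place")
```

Run it against the OpenSSL your Python links to and compare the two counts; on a 1.0.x library the second count drops to zero, which is exactly why a `!SSLv3` rule in a cipher string is a protocol change in disguise, while the version-based flag changes only which handshakes are accepted.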