# 生成1024位RSA有效期10年的私钥
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem

# 设置权限
chmod 600 /etc/vsftpd/vsftpd.pem
chown root:root /etc/vsftpd/vsftpd.pem

# 编辑VSFTP文件
vi /etc/vsftpd/vsftpd.conf

# 开启SSL连接。Set up SSL for FTP connections
ssl_enable=YES

# 允许匿名用户使用SSL连接。To allow anonymous users to use SSL
allow_anon_ssl=YES

# 强制匿名用户使用SSL连接。To force anonymous users to use SSL
force_anon_data_ssl=YES
force_anon_logins_ssl=YES

# 强制普通用户使用SSL连接。To force local users to use SSL
force_local_data_ssl=YES
force_local_logins_ssl=YES

# 支持SSL加密的版本。The following option depend of the authentication mode you require
ssl_tlsv1=YES for TLS
ssl_sslv2=YES for SSL Version 2
ssl_sslv3=YES for SSL Version 3

# 设置SSL证书位置。This values must be adjust according with you environment
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem

# 锁定用户在自身根目录。Place root restrictions
chroot_local_user=YES

# 设置被动FTP使用的端口范围。Specify the range of ports
pasv_min_port=30000
pasv_max_port=31000

测试:
lftp -d -u anonymous -e ‘set ftp:ssl-force true’ 192.168.1.192

PS:https://access.redhat.com/solutions/3436