diff --git a/roles/ftpserver/tasks/main.yml b/roles/ftpserver/tasks/main.yml
index 149465e44120a4299735bfdc2c7cce0b0ade95d3..2c8cf02aeea7d69faccdea674b14476994ff5d38 100644
--- a/roles/ftpserver/tasks/main.yml
+++ b/roles/ftpserver/tasks/main.yml
@@ -26,6 +26,29 @@
       AuthGroupFile /etc/proftpd/ftpd.group
       ServerName "{{hostvars[inventory_hostname].ansible_hostname}}"
       AuthOrder mod_auth_file.c
+      PassivePorts                  50000 65534
+  notify: restart-ftp
+
+- name: Touch tls.conf.
+  tags: proftpd-conf-text
+  file:
+    path: /etc/proftpd/conf.d/tls.conf
+    state: touch
+    
+- name: Add TLS to ProFTPd.
+  tags: proftpd-conf-text
+  blockinfile:
+    path: /etc/proftpd/conf.d/tls.conf
+    block: |
+      TLSEngine on
+      TLSRequired on
+      TLSRSACertificateFile  /etc/eci-platform/pub/certificate.key
+      TLSRSACertificateKeyFile /etc/eci-platform/priv/certificate.key
+      TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired
+      TLSCipherSuite ALL :!ADH:!DES
+      TLSVerifyClient off
+      TLSRenegotiate required off
+      TLSLog /var/log/proftpd/tls.log
   notify: restart-ftp