I have installed vsftp (opensuse 42.3) and it is working and I created a self signed cert for the ftp site. So SSL is working. The problem is that a second user is required to use the same ftp but without using the SSL cert. IOW they want to use the site without SSL. The reason for this is that they are using a software program that includes a way to access an ftp site but it has no way to deal with SSL. I guess it's old. Is it possible to have different security for different users?

BTW I'm not a vsftp guru so please explain carefully.

Thanks in advance.

Before going down this road you might want to examine security requirements for you organization. If you take credit cards in the US you have to be PCI compliant. Also you might have Sarbanes Oxley (SOX) requirements or others depending on what your organization does. Many of these specifically prohibit use of ftp without ssl so you have to do at least ftps. (Better yet just do sftp and show other organizations how to use WinSCP from their lame Windows systems.) We recently completely disabled inbound ftp for compliance reasons here.

Even if you're not in the U.S. their might be other requirements in you country.