FTPeS (aka "explicit FTP over TLS"; used to be "over SSL" but as you know TLS now replaces SSL)
First let me say I am in great debt to the makers of Virtualmin/Webmin/Usermin... much thanks!!
Now, on to FTPeS!
There are several flavors of FTP, but the current supported encrypted FTP is called FTPeS (Explicit FTP over TLS)
Note that you *CAN* run both SFTP (SSH) and FTPeS (FTP) at the same time, no conflicts
The only problem I had with FTPeS was that my ISP has an older "shared firewall" and could not support my FTPeS configuration, so I asked that they move me outside their shared firewall, which required they give me new IP addresses (I run my own firewall)
ProFTP has a good page on how to configure FTPeS at http://www.proftpd.org/docs/howto/TLS.html
Or you could google for it at https://www.google.com/search?q=how+configure+explicit+ftp+over+tls
I run Virtualmin GPL on Debian 6 (haven't upgraded to Debian 7 yet, am waiting for the dust to settle)
1) if you don't have ProFTPd and OpenSSL installed, you'll need them
[bash #] apt-get install proftpd openssl
(if you are asked, select "standalone" for proftpd)
2) edit /etc/proftpd/proftpd.conf and make sure of the following
PassivePorts 59000 59999
ServerIdent on "FTP Server ready."
3) edit /etc/proftpd/tls.conf
TLSProtocol SSLv3 TLSv1
TLSRenegotiate required off
TLSOptions AllowClientRenegotiations NoCertRequest NoSessionReuseRequired
(if you require TLS, then normal FTP will be blocked)
4) generate 10 year self-signed certs
[bash #] openssl req -new -x509 -days 3650 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem
[bash #] chmod 600 ftpd-rsa-key.pem
5) restart ProFTPd
[bash #] /etc/init.d/proftpd restart
6) test locally
[bash #] openssl s_client -connect 127.0.0.1:21 -starttls ftp
If you get a "Session-ID" then it worked.