\gdef\currentsectionname{DBs}
%%\subsection{Database Systems}
% This list is based on: https://en.wikipedia.org/wiki/Relational_database_management_system#Market_share

%% ----------------------------------------------------------------------
\subsection{Oracle}
\subsubsection{Tested with Versions}
\begin{itemize}
  \item We do not test this here, since we only reference other papers for Oracle so far.
\end{itemize}

\subsubsection{References}
\begin{itemize}
  \item Technical safety requirements by \emph{Deutsche Telekom AG} (German). Please read section 17.12 or pages 129 and following (Req 396 and Req 397) about SSL and ciphersuites: \url{http://www.telekom.com/static/-/155996/7/technische-sicherheitsanforderungen-si}
\end{itemize}

%% ----------------------------------------------------------------------
%%\subsection{SQL Server}

%% ----------------------------------------------------------------------
\subsection{MySQL}
\subsubsection{Tested with Versions}
\begin{itemize}
  \item Debian Wheezy and MySQL 5.5
\end{itemize}

\subsubsection{Settings}
\configfile{my.cnf}{31-31,104-109}{SSL configuration for MySQL}

%\subsubsection{Additional settings}

%\subsubsection{Justification for special settings (if needed)}
% in case you have the need for further justifications why you chose this and that setting or if the settings do not fit into the standard Variant A or Variant B schema, please document this here

\subsubsection{References}
\begin{itemize}
  \item MySQL Documentation on SSL Connections.\\\url{https://dev.mysql.com/doc/refman/5.5/en/ssl-connections.html}
\end{itemize}

\subsubsection{How to test}
After restarting the server, run the following query to check that the SSL settings are correct:
\begin{lstlisting}
show variables like '%ssl%';
\end{lstlisting}
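
The following Python example is added here and is not part of the original guide or of MySQL. It parses the tab-separated output of the query above, as printed by the mysql client in batch mode, and reports the values that show SSL is not in effect. It assumes that the my.cnf excerpt sets ssl-ca, ssl-cert, ssl-key and ssl-cipher; the sample output, its paths and the cipher placeholder are constructed.

```python
# Added example: audit the tab-separated output of the SSL variables query,
# e.g. captured with the mysql client in --batch mode.

# Constructed sample output; paths and the cipher string are placeholders.
SAMPLE_OK = (
    "Variable_name\tValue\n"
    "have_openssl\tYES\n"
    "have_ssl\tYES\n"
    "ssl_ca\t/etc/mysql/ssl/ca-cert.pem\n"
    "ssl_capath\t\n"
    "ssl_cert\t/etc/mysql/ssl/server-cert.pem\n"
    "ssl_cipher\tEXAMPLE-CIPHER-STRING\n"
    "ssl_key\t/etc/mysql/ssl/server-key.pem\n"
)
# Same configuration, but the server did not activate SSL
# (for example because a certificate or key file could not be loaded).
SAMPLE_DISABLED = SAMPLE_OK.replace("YES", "DISABLED")

# Assumption: my.cnf sets all four of these, so none may come back empty.
REQUIRED_NONEMPTY = ("ssl_ca", "ssl_cert", "ssl_key", "ssl_cipher")


def parse_variables(text):
    """Return {name: value} from tab-separated SHOW VARIABLES output."""
    variables = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("Variable_name"):
            continue  # skip blank lines and the header row
        name, _, value = line.partition("\t")
        variables[name.strip()] = value.strip()
    return variables


def audit_ssl(variables):
    """Return a list of findings; an empty list means no problem was found."""
    findings = []
    have_ssl = variables.get("have_ssl")
    if have_ssl is None:
        findings.append("have_ssl missing: output is not from the SSL query")
    elif have_ssl != "YES":
        findings.append(f"have_ssl={have_ssl}: server does not accept SSL connections")
    for name in REQUIRED_NONEMPTY:
        if not variables.get(name):
            findings.append(f"{name} is empty: setting from my.cnf was not applied")
    return findings


if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("disabled", SAMPLE_DISABLED)):
        print(label, audit_ssl(parse_variables(sample)) or "SSL settings look correct")
```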

%% ----------------------------------------------------------------------
\subsection{DB2}
\subsubsection{Tested with Version}
\begin{itemize}
  \item We do not test this here, since we only reference other papers for DB2 so far.
\end{itemize}

\subsubsection{Settings}
\paragraph{ssl\_cipherspecs:}
The IBM documentation listed in the references for this section describes the whole SSL configuration in depth. The following command only shows how to set the recommended ciphersuites.
\begin{lstlisting}
# recommended and supported ciphersuites
# (one comma-separated value; the trailing backslashes join the lines)
db2 update dbm cfg using SSL_CIPHERSPECS \
TLS_RSA_WITH_AES_256_CBC_SHA256,\
TLS_RSA_WITH_AES_128_GCM_SHA256,\
TLS_RSA_WITH_AES_128_CBC_SHA256,\
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,\
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,\
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,\
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,\
TLS_RSA_WITH_AES_256_GCM_SHA384,\
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,\
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,\
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,\
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,\
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,\
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,\
TLS_RSA_WITH_AES_256_CBC_SHA,\
TLS_RSA_WITH_AES_128_CBC_SHA,\
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,\
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
\end{lstlisting}

\subsubsection{References}
\begin{itemize}
  \item IBM Db2 Documentation on \emph{Supported cipher suites}.\\\url{http://pic.dhe.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=\%2Fcom.ibm.db2.luw.admin.sec.doc\%2Fdoc\%2Fc0053544.html}
\end{itemize}

%% ----------------------------------------------------------------------
\subsection{PostgreSQL}
\subsubsection{Tested with Versions}
\begin{itemize}
  \item Debian Wheezy and PostgreSQL 9.1
  \item Linux Mint 14 nadia / Ubuntu 12.10 quantal with PostgreSQL 9.1+136 and OpenSSL 1.0.1c
\end{itemize}

\subsubsection{Settings}
\configfile{9.1/postgresql.conf}{80-81}{Enabling SSL in PostgreSQL}

To start in SSL mode, the files server.crt and server.key must exist in the server's data directory \$PGDATA.

Starting with version 9.2, you can set the paths to these files manually.
\configfile{9.3/postgresql.conf}{85-87}{Certificate locations in PostgreSQL \(\geq\) 9.2}

\subsubsection{References}
\begin{itemize}
  \item It's recommended to read ``Security and Authentication'' in the manual\footnote{\url{http://www.postgresql.org/docs/9.1/interactive/runtime-config-connection.html}}.
  \item PostgreSQL Documentation on \emph{Secure TCP/IP Connections with SSL}: \url{http://www.postgresql.org/docs/9.1/static/ssl-tcp.html}
  \item PostgreSQL Documentation on \emph{host-based authentication}: \url{http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html}
\end{itemize}

\subsubsection{How to test}
To test your SSL settings, run psql with the sslmode parameter:
\begin{lstlisting}
psql "sslmode=require host=postgres-server dbname=database" your-username
\end{lstlisting}