git.bettercrypto.org / ach-master.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Added bug report by @bong0 for OpenVPN 2.3.2
[ach-master.git] / TODO.md
diff --git a/TODO.md b/TODO.md
index 0353149..5e34d43 100644 (file)
--- a/TODO.md
+++ b/TODO.md
@@ -1,3 +1,16 @@
+Bug Fixes
+=========
+Reported by: @Wims80 http://twitter.com/wims80/status/425770704693239808
+Section Apache 2.1.1 recommends Rewrite instead of Redirect. Should be 301! (We correctly recommend 301 in the nginx section.)
+
+
+2014-02-11 19:41
+OpenVPN cipher string doesn't work with 2.3.2 according to: @bong0.
+tlc-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-CAMELLIA-128-CBC-SHA:TLS-RSA-WITH-AES-128-CBC-SHA
+http://twitter.com/bong0/status/433306823001526272
+http://twitter.com/bong0/status/433307537375387648
+http://nopaste.info/d194fdaa78.html
+
 
 BIG TOPICS
 ==========
@@ -39,6 +52,8 @@ Website
 People with outdated browsers (winXP) etc can't see our webpage. --> make a landing page explaining 
 how to updated the browser :)
 
+Improve the wording on the cert.at Mailing list website so people don't get confused and know that they ended up on the correct site and list.
+
 
 Formatting
 ==========
@@ -97,11 +112,22 @@ Contents
   Mysql: put in \%*\cipherstringB*) in the config!
   Oracle: mark this as "we do not test this here, since we only reference other papers for Oracle so far"
   DB2: mark this as "we do not test this here, since we only reference other papers for Oracle so far"
+  sed -i /IMB Db2/IBM DB2/g
+
+* theory/PKI.tex line 120: "a previously created certificate" --> "a previously created key"!
+
 
 * Webservers:
   Header Strict-Transport-Security "... includeSubDomains": we need to meed to mention that this can be a big pitfall.
   Also do some more research on this!
-  For example: http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec#section-6.1
+  For example: https://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec#section-6.1
+  fix lighttpd HTTP redirection and env vars
+  lighthttpd: ssl.ec-curve = "secp384"
+    ssl.dh-file = "/etc/lighttpd/dhparams-group16.pem"
+       ssl.ec-curve = "secp384r1"
+
+* GPG.tex:
+  keep it "Howto" not "How-to"
 
 * IM:
   fix the subsubsection{XMPP/ Jabber} part. There seems to be a mix up here ? Maybe? --> check again
applied crypto hardening (master repo)