X-Git-Url: https://git.bettercrypto.org/ach-master.git/blobdiff_plain/c0e6903f7c0330044fe82987bcd7cde3dc5c1c4e..5a3ae028c621c4143287bfe6e463da00661e8e1f:/src/practical_settings/vpn.tex/ach-master.git/blobdiff_plain/c0e6903f7c0330044fe82987bcd7cde3dc5c1c4e..5a3ae028c621c4143287bfe6e463da00661e8e1f:/src/practical_settings/vpn.tex diff --git a/src/practical_settings/vpn.tex b/src/practical_settings/vpn.tex index f8b5f89..77cf103 100644 --- a/src/practical_settings/vpn.tex +++ b/src/practical_settings/vpn.tex @@ -101,7 +101,7 @@ vulnerabilities \footnote{\url{http://ikecrack.sourceforge.net/}}. Mode & Main Mode & Main Mode \\ Encryption & AES-256 & AES, CAMELLIA (-256 or -128) \\ Hash & SHA2-* & SHA2-*, SHA1 \\ - DH Group & Group 14, 18 & Group 14, 18 \\ + DH Group & Group 14-18 & Group 14-18 \\ % Lifetime & \todo{need recommendations; 1 day seems to be common % practice} & \\ \bottomrule @@ -272,9 +272,8 @@ auth SHA384 Client and server have to use compatible configurations, otherwise they can't communicate. The \verb|cipher| and \verb|auth| directives have to be identical. -\todo{FIXME: we should use the CIPHERSTRINGB macro here} \begin{lstlisting} -tls-cipher DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA +tls-cipher %*CIPHERSTRINGB*) cipher AES-256-CBC auth SHA384
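Review bot: In the DH Group row of the first hunk, `Group 14-18` is written with a single hyphen in both columns; a numeric range in LaTeX is normally typeset with an en dash, `14--18`. The edit also turns the two-item list `14, 18` into a range that takes in groups 15, 16 and 17, so the commit message should state that widening the recommendation is intended and that this is not just a punctuation change.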
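Review bot: In the second hunk, the new `tls-cipher %*CIPHERSTRINGB*)` line depends on a listings escape, but the `\begin{lstlisting}` just above it carries no options, so it only works if `escapeinside` for `%*` and `*)` is configured globally; the escaped text is also `CIPHERSTRINGB` with no leading backslash, which LaTeX would print as the literal word unless something substitutes it before the build. Please confirm against a built PDF that the listing shows the expanded cipher list, since a reader copying an unexpanded placeholder gets a configuration that does not work. The removed line was a plain colon-separated list of suite names, so it is also worth checking that the expansion is in a form `tls-cipher` accepts and stays on the same line as the directive.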