Revert "use cipherstring b in openvpn", because it breaks it, and put
authorcm <cm@coretec.at>
Wed, 25 Dec 2013 20:08:51 +0000 (21:08 +0100)
committercm <cm@coretec.at>
Wed, 25 Dec 2013 20:11:35 +0000 (21:11 +0100)
in big warnings :-)

This reverts commit 41091bb2c3fe5396d6c8d9261236068a12726f91.

src/practical_settings.tex
src/practical_settings/vpn.tex

index 855a785..5cd2485 100644 (file)
@@ -17,7 +17,7 @@
 
 %\newpage
 \section{VPNs}
-\input{"./practical_settings/vpn_generated.tex"}
+\input{"./practical_settings/vpn.tex"}
 
 
 %\newpage
index eeeb154..503b607 100644 (file)
@@ -269,15 +269,9 @@ client and server.
 
 \paragraph{Server Configuration}\mbox{}
 
-% this is only a DoS-protection, out of scope:
-% # TLS Authentication
-% tls-auth ta.key
-\todo{FIXME: we should use the CIPHERSTRINGB  macro here}
-% previous:
-% tls-cipher
-% ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:AES256-SHA
 % the cipherlist here is config B without the ECDHE strings, because
 % it must fit in 256 bytes...
+% DO NOT CHANGE TO THE CIPHERSTRING MACRO!
 \begin{lstlisting}[breaklines]
 tls-cipher DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
 cipher AES-256-CBC
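Review bot: The added `% DO NOT CHANGE TO THE CIPHERSTRING MACRO!` tells a maintainer what not to do, but nothing ties this hand-copied `tls-cipher` list to cipher string B, so it can go stale unnoticed when B changes; the same literal is pasted again in the client listing in the next hunk, and the two copies can drift apart. I would fold the reason and the upkeep rule into one comment, e.g. `% Hand-derived from cipher string B minus ECDHE (tls-cipher must fit in 256 bytes); re-derive when B changes and keep identical to the client listing.` The last four entries (`CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA`) have no DHE prefix, so a session negotiated on them presumably has no forward secrecy; if they are a deliberate compatibility fallback, the comment or the surrounding prose should say so. The hunk also drops the commented note that `tls-auth` was left out as DoS protection only, which was the only visible record of that scoping decision. The `lstlisting` block closes outside the hunk.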
@@ -289,8 +283,11 @@ auth SHA384
 Client and server have to use compatible configurations, otherwise they can't communicate.
 The \verb|cipher| and \verb|auth| directives have to be identical.
 
+% the cipherlist here is config B without the ECDHE strings, because
+% it must fit in 256 bytes...
+% DO NOT CHANGE TO THE CIPHERSTRING MACRO!
 \begin{lstlisting}[breaklines]
-tls-cipher @@@CIPHERSTRINGB@@@
+tls-cipher DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
 cipher AES-256-CBC
 auth SHA384