added mysql settings (but still commented them out, since we are not
authorAaron Kaplan <aaron@lo-res.org>
Tue, 19 Nov 2013 01:00:35 +0000 (02:00 +0100)
committerAaron Kaplan <aaron@lo-res.org>
Tue, 19 Nov 2013 01:00:35 +0000 (02:00 +0100)
sure yet if that is out of scope or not. TBD).  Thanks Berg San in any
case! We at least have that now as a reference.  But if we include
mysql, we need to do Postgresql, DB2, Oracle, etc etc. as well.
This can be too much for this paper. Let's discuss.

src/practical_settings.tex

index 770473c..03cc75f 100644 (file)
@@ -606,6 +606,29 @@ Adi?? }
 \subsubsection{XMPP / Jabber}
 \subsubsection{IRC}
 
+%\subsection{Database Systems}
+%\subsubsection{MySQL}
+%
+%\paragraph*{my.cnf}\mbox{}\\
+%
+%%Tested with Debian 7.0 and MySQL 5.5
+%
+%\begin{lstlisting}[breaklines]
+%[mysqld]
+%ssl
+%ssl-ca=/etc/mysql/ssl/ca-cert.pem
+%ssl-cert=/etc/mysql/ssl/client-cert.pem
+%ssl-key=/etc/mysql/ssl/client-key.pem
+%ssl-cipher=EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EDH+CAMELLIA256:EECDH:EDH+aRSA:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!AES128:!CAMELLIA128:!ECDSA:AES256-SHA
+%\end{lstlisting}
+%
+%After restarting the server run the following query to see if the ssl settings are correct:
+%\begin{lstlisting}[breaklines]
+%show variables like '%ssl%';
+%\end{lstlisting}
+
+
+
 %%% Local Variables: 
 %%% mode: latex
 %%% TeX-master: "applied-crypto-hardening"