-\seqsplit{EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA}
+\seqsplit{EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA}
\section{Cipher suites}
\label{section:CipherSuites}
-\todo{team: section \ref{section:CipherSuites} is currently a bit messy. Re-do it}
+%\todo{team: section \ref{section:CipherSuites} is currently a bit messy. Re-do it}
\subsection{Architectural overview }
\input{"./theory/cipher_suites/compatibility.tex"}
-\subsection{Choosing your own cipher suites}
-\label{section:ChoosingYourOwnCipherSuites}
-\input{"./theory/cipher_suites/choosing.tex"}
+% XXX author: (Adi) can we either have this completed or removed? XXX
+%\subsection{Choosing your own cipher suites}
+%\label{section:ChoosingYourOwnCipherSuites}
+%\input{"./theory/cipher_suites/choosing.tex"}
OpenSSL $\ge$ 1.0.1e, Safari 6 / iOS 6.0.1 and Safar 7 / OS X 10.9
are covered by that cipher string.
-In case you need to support other/different clients, see information
-about choosing your own cipher string in section
-\ref{section:ChoosingYourOwnCipherSuites}.
+% XXX author: (Adi) this depends on the chosing your own cipher chapter XXX
+%In case you need to support other/different clients, see information
+%about choosing your own cipher string in section
+%\ref{section:ChoosingYourOwnCipherSuites}.
\subsubsection{Configuration B: Weaker ciphers but better compatibility}
workload on the provisioning hardware.
-\textbf{All further examples in this publication use Configuration B}.\\
+\textbf{All examples in this publication use Configuration B}.\\
We arrived at this set of cipher suites by selecting:
\ttbox{\cipherStringB}
\todo{make a column for cipher chaining mode}
-\ctable[caption={Configuration B ciphers},label=tab:conf-b]{lllllll}{}{%
+\ctable[pos=ht,caption={Configuration B ciphers},label=tab:conf-b]{lllllll}{}{%
\FL \textbf{ID} & \textbf{OpenSSL Name} & \textbf{Version} & \textbf{KeyEx} & \textbf{Auth} & \textbf{Cipher} & \textbf{MAC}
\ML \texttt{0x009F} & DHE-RSA-AES256-GCM-SHA384 & TLSv1.2 & DH & RSA & AESGCM(256) & AEAD
\NN \texttt{0x006B} & DHE-RSA-AES256-SHA256 & TLSv1.2 & DH & RSA & AES(256) & SHA256