Merge branch 'master' of https://git.bettercrypto.org/ach-master
authorsebix <szebi@gmx.at>
Wed, 25 Dec 2013 20:45:18 +0000 (21:45 +0100)
committersebix <szebi@gmx.at>
Wed, 25 Dec 2013 20:45:18 +0000 (21:45 +0100)
Conflicts:
src/practical_settings/DBs.tex
src/practical_settings/vpn.tex

src/practical_settings/DBs.tex
src/practical_settings/vpn.tex

@@@ -2,31 -2,36 +2,33 @@@
  % This list is based on : http://en.wikipedia.org/wiki/Relational_database_management_system#Market_share
  
  %% ---------------------------------------------------------------------- 
 -\subsubsection{Oracle}
 -\begin{description}
 -\item[Tested with Version:] not tested
 +\subsection{Oracle}
 +%\subsubsection{Tested with Version}
 +\todo{not tested yet}
  
 -\item[References:] (German)
 -{\small \url{http://www.telekom.com/static/-/155996/7/technische-sicherheitsanforderungen-si}}
 +\subsubsection{References}
 +\begin{itemize}
 +  \item Technical safety requirements by \emph{Deutsche Telekom AG} (German). Please read section 17.12 or pages 129 and following (Req 396 and Req 397) about SSL and ciphersuites \url{http://www.telekom.com/static/-/155996/7/technische-sicherheitsanforderungen-si}
 +\end{itemize}
  
 -Please read the following pages about SSL and ciphersuites:\\
 -p. 129 -Req 396 and Req 397 \\
 -
 -\end{description}
  
  %% ---------------------------------------------------------------------- 
+ \subsubsection{SQL Server}
  \todo{write this}
  
  
 -
  %% ---------------------------------------------------------------------- 
 -\subsubsection{MySQL}
 -
 -\begin{description}
 -\item[Tested with Version:] Debian 7.0 and MySQL 5.5
 +\subsection{MySQL}
 +\subsubsection{Tested with Version}
 +\begin{itemize}
 +  \item Debian 7.0 and MySQL 5.5
 +\end{itemize}
  
 -\item[Settings:] \mbox{}
  
 -\paragraph*{my.cnf}\mbox{}\\
 -
 -\begin{lstlisting}[breaklines]
 +\subsubsection{Settings}
 +\paragraph*{my.cnf}
 +\begin{lstlisting}
  [mysqld]
  ssl
  ssl-ca=/etc/mysql/ssl/ca-cert.pem
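Review bot: `\subsubsection{SQL Server}` is left one level below its siblings by this merge: Oracle and MySQL are promoted to `\subsection`, so SQL Server now nests under Oracle in the outline and table of contents. It should read `\subsection{SQL Server}`. The line comes from the second parent only (marked `+ `), which is presumably why the conflict resolution missed it. The `lstlisting` opened at the end of the hunk continues outside it.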
@@@ -252,17 -267,12 +252,11 @@@ that is then negotiated as usual with T
  and \verb|auth| options both take a single argument that must match on
  client and server.
  
 -\paragraph{Server Configuration}\mbox{}
 +\paragraph{Server Configuration}\mbox{}\\
- % this is only a DoS-protection, out of scope:
- % # TLS Authentication
- % tls-auth ta.key
- \todo{FIXME: we should use the CIPHERSTRINGB  macro here}
- % previous:
- % tls-cipher
- % ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:AES256-SHA
  % the cipherlist here is config B without the ECDHE strings, because
  % it must fit in 256 bytes...
- \begin{lstlisting}
+ % DO NOT CHANGE TO THE CIPHERSTRING MACRO!
 -\begin{lstlisting}[breaklines]
  tls-cipher DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
  cipher AES-256-CBC
  auth SHA384
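Review bot: The comment `% DO NOT CHANGE TO THE CIPHERSTRING MACRO!` pins a literal `tls-cipher` list but does not say how to keep it current, so this copy and the identical one in the client listing further down the page will silently drift when cipher string B is revised. I would extend the comment, e.g. `% Derived by hand from cipher string B minus ECDHE; re-derive here AND in the client listing whenever B changes.` It may also be worth a sentence in the text that the last four suites (`CAMELLIA256-SHA` to `AES128-SHA`) use plain RSA key exchange and so give no forward secrecy. Separately, as rendered here both `\begin{lstlisting}` variants are marked removed in front of the `tls-cipher` line; the page may have dropped a line, but the merged vpn.tex should be checked to confirm it still opens the listing. The end of the listing lies outside this hunk.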
  Client and server have to use compatible configurations, otherwise they can't communicate.
  The \verb|cipher| and \verb|auth| directives have to be identical.
  
 -\begin{lstlisting}[breaklines]
+ % the cipherlist here is config B without the ECDHE strings, because
+ % it must fit in 256 bytes...
+ % DO NOT CHANGE TO THE CIPHERSTRING MACRO!
- tls-cipher %*CIPHERSTRINGB*)
 +\begin{lstlisting}
+ tls-cipher DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
  cipher AES-256-CBC
  auth SHA384