same
authorAaron Kaplan <aaron@lo-res.org>
Mon, 9 Dec 2013 22:09:11 +0000 (23:09 +0100)
committerAaron Kaplan <aaron@lo-res.org>
Mon, 9 Dec 2013 22:09:11 +0000 (23:09 +0100)
src/applied-crypto-hardening.tex
src/practical_settings/webserver.tex

index c6735c3..9958368 100644 (file)
@@ -208,6 +208,7 @@ morekeywords={__global__, __device__},  %
 \input{scope}
 \input{PKIs}
 \input{ECC}
+\input{DH}
 \input{keylengths}
 \input{RNGs}
 \input{cipher_suites}
index d9672fe..393fe5f 100644 (file)
   # ALL subdomains HAVE TO support https if you use this!
   # Strict-Transport-Security: max-age=15768000 ; includeSubDomains
 
+old:
   SSLCipherSuite 'EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EDH+CAMELLIA256:EECDH:EDH+aRSA:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!AES128:!CAMELLIA128:!ECDSA:AES256-SHA'
+new:
+  SSLCipherSuite '@@@CIPHERSTRINGB@@@'
+
 \end{lstlisting}
 
 Note again, that any cipher suite starting with ECDHE can be omitted, if in doubt.