same

author Aaron Kaplan <aaron@lo-res.org>

Mon, 9 Dec 2013 22:09:11 +0000 (23:09 +0100)

committer Aaron Kaplan <aaron@lo-res.org>

Mon, 9 Dec 2013 22:09:11 +0000 (23:09 +0100)
author Aaron Kaplan <aaron@lo-res.org>
Mon, 9 Dec 2013 22:09:11 +0000 (23:09 +0100)
committer Aaron Kaplan <aaron@lo-res.org>
Mon, 9 Dec 2013 22:09:11 +0000 (23:09 +0100)
diff --git a/src/applied-crypto-hardening.tex b/src/applied-crypto-hardening.tex

index c6735c3..9958368 100644 (file)
--- a/src/applied-crypto-hardening.tex
+++ b/src/applied-crypto-hardening.tex
@@ -208,6 +208,7 @@ morekeywords={__global__, __device__},  %
  \input{scope}
  \input{PKIs}
  \input{ECC}
+\input{DH}
  \input{keylengths}
  \input{RNGs}
  \input{cipher_suites}
diff --git a/src/practical_settings/webserver.tex b/src/practical_settings/webserver.tex

index d9672fe..393fe5f 100644 (file)
--- a/src/practical_settings/webserver.tex
+++ b/src/practical_settings/webserver.tex
@@ -18,7 +18,11 @@
    # ALL subdomains HAVE TO support https if you use this!
    # Strict-Transport-Security: max-age=15768000 ; includeSubDomains
  
+old:
    SSLCipherSuite 'EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EDH+CAMELLIA256:EECDH:EDH+aRSA:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!AES128:!CAMELLIA128:!ECDSA:AES256-SHA'
+new:
+  SSLCipherSuite '@@@CIPHERSTRINGB@@@'
+
  \end{lstlisting}
  
  Note again, that any cipher suite starting with ECDHE can be omitted, if in doubt.
author	Aaron Kaplan <aaron@lo-res.org>
	Mon, 9 Dec 2013 22:09:11 +0000 (23:09 +0100)
committer	Aaron Kaplan <aaron@lo-res.org>
	Mon, 9 Dec 2013 22:09:11 +0000 (23:09 +0100)
src/applied-crypto-hardening.tex		patch \| blob \| history
src/practical_settings/webserver.tex		patch \| blob \| history