Merge remote-tracking branch 'upstream/master'

author berq <bs@cyontris.eu>

Thu, 26 Dec 2013 10:38:19 +0000 (11:38 +0100)

committer berq <bs@cyontris.eu>

Thu, 26 Dec 2013 10:38:19 +0000 (11:38 +0100)
author berq <bs@cyontris.eu>
Thu, 26 Dec 2013 10:38:19 +0000 (11:38 +0100)
committer berq <bs@cyontris.eu>
Thu, 26 Dec 2013 10:38:19 +0000 (11:38 +0100)
diff --cc src/practical_settings/DBs.tex

index 2131b90,9a175e3..b370be1
--- 1/src/practical_settings/DBs.tex
--- 2/src/practical_settings/DBs.tex
+++ b/src/practical_settings/DBs.tex
@@@ -36,10 -48,8 +48,15 @@@ ssl-cipher=EECDH+aRSA+AESGCM:EECDH+aRSA
   % in case you have the need for further justifications why you chose this and that setting or if the settings do not fit into the standard Variant A or Variant B schema, please document this here
   
   \item[References:]
++<<<<<<< HEAD
+ ++{\small \url{https://dev.mysql.com/doc/refman/5.5/en/ssl-connections.html}}
+ +
+ +
+ +% add any further references or best practice documents here
++=======
+ {\small \url{https://dev.mysql.com/doc/refman/5.5/en/ssl-connections.html}}
+ 
++>>>>>>> upstream/master
   
   \item[How to test:]
   
@@@ -52,26 -62,47 +69,62 @@@ show variables like '%ssl%'
   \end{description}
   
   
+ %% ---------------------------------------------------------------------- 
+ \subsubsection{DB2}
+ \begin{description}
+ \item[Tested with Version:] not tested
   
+ \item[References:]
+ {\small \url{http://pic.dhe.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.sec.doc%2Fdoc%2Fc0053544.html}}
   
   
- 
+ \paragraph*{ssl\_cipherspecs}\mbox{}\\
+ In the link above the whole SSL-configuration is described in-depth. The following command shows only how to set the recommended ciphersuites.
+ \begin{lstlisting}[breaklines]
+ # recommended and supported ciphersuites 
+ 
+ db2 update dbm cfg using SSL_CIPHERSPECS 
+ TLS_RSA_WITH_AES_256_CBC_SHA256,
+ TLS_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+ TLS_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS_RSA_WITH_AES_256_CBC_SHA,
+ TLS_RSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ 
++<<<<<<< HEAD
+ +\subsubsection{DB2}
+ +\todo{write this}
+ +
+ +% 
+ +
+ +% ssl_ciphersepcs v9r7:
+ +% http://pic.dhe.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.config.doc%2Fdoc%2Fr0053617.html
+ +
+ +% Configuring Secure Sockets Layer (SSL) support in a DB2 instance v9r7
+ +% http://pic.dhe.ibm.com/infocenter/db2luw/v10r5/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.sec.doc%2Fdoc%2Fc0053544.html
+ +
+ +
++=======
+ \end{lstlisting}
++>>>>>>> upstream/master
   
+ \end{description}
   
+ %% ---------------------------------------------------------------------- 
   
- \subsubsection{Postgresql}
+ \subsubsection{PostgreSQL}
   
   \begin{description}
   \item[Tested with Version:] Debian 7.0 and PostgreSQL 9.1
author	berq <bs@cyontris.eu>
	Thu, 26 Dec 2013 10:38:19 +0000 (11:38 +0100)
committer	berq <bs@cyontris.eu>
	Thu, 26 Dec 2013 10:38:19 +0000 (11:38 +0100)