Merge remote-tracking branch 'upstream/master'
authorberq <bs@cyontris.eu>
Thu, 26 Dec 2013 10:38:19 +0000 (11:38 +0100)
committerberq <bs@cyontris.eu>
Thu, 26 Dec 2013 10:38:19 +0000 (11:38 +0100)
Conflicts:
src/practical_settings/DBs.tex

src/practical_settings/DBs.tex

@@@ -1,15 -1,27 +1,27 @@@
  %%\subsection{Database Systems}
  % This list is based on : http://en.wikipedia.org/wiki/Relational_database_management_system#Market_share
  
+ %% ---------------------------------------------------------------------- 
  \subsubsection{Oracle}
- \todo{write this}
+ \begin{description}
+ \item[Tested with Version:] not tested
  
- \subsubsection{SQL Server}
- \todo{write this}
+ \item[References:] (German)
+ {\small \url{http://www.telekom.com/static/-/155996/7/technische-sicherheitsanforderungen-si}}
+ Please read the following pages about SSL and ciphersuites:\\
+ p. 129 -Req 396 and Req 397 \\
+ \end{description}
+ %% ---------------------------------------------------------------------- 
+ %%\subsubsection{SQL Server}
+ %%\todo{write this}
  
  
  
  
+ %% ---------------------------------------------------------------------- 
  \subsubsection{MySQL}
  
  \begin{description}
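Review bot: In the new Oracle entry, the line `p. 129 -Req 396 and Req 397 \\` ends with a forced line break directly before `\end{description}`, which yields an underfull-hbox warning and a stray empty line; drop the trailing `\\`. The entry is marked `not tested` and gives only a pointer to a German-language document, fetched over plain `http://`, with no settings. Because the `\todo{write this}` marker was removed, a sentence such as `No Oracle configuration is provided yet; see the reference below.` would keep readers from taking the section as complete. The `description` list opened for MySQL at the end of this hunk continues outside it.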
@@@ -23,8 -35,8 +35,8 @@@
  [mysqld]
  ssl
  ssl-ca=/etc/mysql/ssl/ca-cert.pem
 -ssl-cert=/etc/mysql/ssl/client-cert.pem
 -ssl-key=/etc/mysql/ssl/client-key.pem
 +ssl-cert=/etc/mysql/ssl/server-cert.pem
 +ssl-key=/etc/mysql/ssl/server-key.pem
  ssl-cipher=EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EDH+CAMELLIA256:EECDH:EDH+aRSA:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!AES128:!CAMELLIA128:!ECDSA:AES256-SHA
  \end{lstlisting}
  
  % in case you have the need for further justifications why you chose this and that setting or if the settings do not fit into the standard Variant A or Variant B schema, please document this here
  
  \item[References:]
++<<<<<<< HEAD
 ++{\small \url{https://dev.mysql.com/doc/refman/5.5/en/ssl-connections.html}}
 +
 +
 +% add any further references or best practice documents here
++=======
+ {\small \url{https://dev.mysql.com/doc/refman/5.5/en/ssl-connections.html}}
++>>>>>>> upstream/master
  
  \item[How to test:]
  
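Review bot: The merge result still contains unresolved conflict markers: `<<<<<<< HEAD`, `=======` and `>>>>>>> upstream/master` are added (`++`) around the MySQL `\item[References:]` entry, so the committed DBs.tex carries both sides and the markers end up in the typeset output. Both sides hold the same URL, so the resolution is a single `{\small \url{https://dev.mysql.com/doc/refman/5.5/en/ssl-connections.html}}` line followed by the `% add any further references or best practice documents here` comment. The same markers are committed in the DB2 hunk below, where `<<<<<<< HEAD` falls inside the still-open `lstlisting`, so the old `\subsubsection{DB2}` / `\todo{write this}` stub would be printed verbatim as part of the cipher list. There, only `\end{lstlisting}` should remain after the last suite. Searching the merged file for lines beginning with `<<<<<<<`, `=======` or `>>>>>>>` before committing would catch this.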
@@@ -52,26 -62,47 +69,62 @@@ show variables like '%ssl%'
  \end{description}
  
  
+ %% ---------------------------------------------------------------------- 
+ \subsubsection{DB2}
+ \begin{description}
+ \item[Tested with Version:] not tested
  
+ \item[References:]
+ {\small \url{http://pic.dhe.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.sec.doc%2Fdoc%2Fc0053544.html}}
  
  
+ \paragraph*{ssl\_cipherspecs}\mbox{}\\
+ In the link above the whole SSL-configuration is described in-depth. The following command shows only how to set the recommended ciphersuites.
+ \begin{lstlisting}[breaklines]
+ # recommended and supported ciphersuites 
+ db2 update dbm cfg using SSL_CIPHERSPECS 
+ TLS_RSA_WITH_AES_256_CBC_SHA256,
+ TLS_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+ TLS_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS_RSA_WITH_AES_256_CBC_SHA,
+ TLS_RSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
++<<<<<<< HEAD
 +\subsubsection{DB2}
 +\todo{write this}
 +
 +% 
 +
 +% ssl_ciphersepcs v9r7:
 +% http://pic.dhe.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.config.doc%2Fdoc%2Fr0053617.html
 +
 +% Configuring Secure Sockets Layer (SSL) support in a DB2 instance v9r7
 +% http://pic.dhe.ibm.com/infocenter/db2luw/v10r5/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.sec.doc%2Fdoc%2Fc0053544.html
 +
 +
++=======
+ \end{lstlisting}
++>>>>>>> upstream/master
  
+ \end{description}
  
+ %% ---------------------------------------------------------------------- 
  
- \subsubsection{Postgresql}
+ \subsubsection{PostgreSQL}
  
  \begin{description}
  \item[Tested with Version:] Debian 7.0 and PostgreSQL 9.1
  
  It's recommended to read 
  
 -{\small \url{http://www.postgresql.org/docs/X.X/interactive/runtime-config-connection.html\#RUNTIME-CONFIG-CONNECTION-SECURITY}}
 -(please change X.X with your preferred version e.g. 9.1).
 +{\small \url{http://www.postgresql.org/docs/current/static/runtime-config-connection.html#RUNTIME-CONFIG-CONNECTION-SECURITY}}
 +{\small \url{http://www.postgresql.org/docs/current/static/ssl-tcp.html}}
 +{\small \url{http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html}}
  
  \item[Settings:] \mbox{}
  
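Review bot: The DB2 listing is introduced as "recommended and supported ciphersuites", but it lists static-RSA suites (`TLS_RSA_WITH_*`, no forward secrecy) first and includes AES-128 and CBC/SHA-1 suites, while the MySQL `ssl-cipher` string in the same file prefers `EECDH` and excludes `!AES128`; the section is also marked `not tested`. Either put the `TLS_ECDHE_*` GCM suites first and drop what the guide excludes elsewhere, or add a sentence such as `This list is untested and keeps non-forward-secret suites for compatibility; whether DB2 honours the order still needs to be confirmed.` The command is also broken after `SSL_CIPHERSPECS` and after every comma with no continuation, so it would presumably not run if pasted into a shell as shown. Since the listing already sets `breaklines`, the value can be written on one source line.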
@@@ -115,8 -145,3 +168,3 @@@ psql "sslmode=require host=postgres-ser
  
  \end{description}
  
- \subsubsection{Informix}
- \todo{write this}