Merge remote-tracking branch 'upstream/master'
authorberq <bs@cyontris.eu>
Thu, 26 Dec 2013 10:38:19 +0000 (11:38 +0100)
committerberq <bs@cyontris.eu>
Thu, 26 Dec 2013 10:38:19 +0000 (11:38 +0100)
Conflicts:
src/practical_settings/DBs.tex

src/practical_settings/DBs.tex

index 9a175e3..b370be1 100644 (file)
@@ -35,8 +35,8 @@ p. 129 -Req 396 and Req 397 \\
 [mysqld]
 ssl
 ssl-ca=/etc/mysql/ssl/ca-cert.pem
-ssl-cert=/etc/mysql/ssl/client-cert.pem
-ssl-key=/etc/mysql/ssl/client-key.pem
+ssl-cert=/etc/mysql/ssl/server-cert.pem
+ssl-key=/etc/mysql/ssl/server-key.pem
 ssl-cipher=EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EDH+CAMELLIA256:EECDH:EDH+aRSA:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!AES128:!CAMELLIA128:!ECDSA:AES256-SHA
 \end{lstlisting}
 
@@ -48,8 +48,15 @@ ssl-cipher=EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EDH+CAMELLIA256
 % in case you have the need for further justifications why you chose this and that setting or if the settings do not fit into the standard Variant A or Variant B schema, please document this here
 
 \item[References:]
+<<<<<<< HEAD
++{\small \url{https://dev.mysql.com/doc/refman/5.5/en/ssl-connections.html}}
+
+
+% add any further references or best practice documents here
+=======
 {\small \url{https://dev.mysql.com/doc/refman/5.5/en/ssl-connections.html}}
 
+>>>>>>> upstream/master
 
 \item[How to test:]
 
@@ -96,7 +103,22 @@ TLS_RSA_WITH_AES_128_CBC_SHA,
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 
+<<<<<<< HEAD
+\subsubsection{DB2}
+\todo{write this}
+
+% 
+
+% ssl_ciphersepcs v9r7:
+% http://pic.dhe.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.config.doc%2Fdoc%2Fr0053617.html
+
+% Configuring Secure Sockets Layer (SSL) support in a DB2 instance v9r7
+% http://pic.dhe.ibm.com/infocenter/db2luw/v10r5/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.sec.doc%2Fdoc%2Fc0053544.html
+
+
+=======
 \end{lstlisting}
+>>>>>>> upstream/master
 
 \end{description}
 
@@ -111,8 +133,9 @@ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 
 It's recommended to read 
 
-{\small \url{http://www.postgresql.org/docs/X.X/interactive/runtime-config-connection.html\#RUNTIME-CONFIG-CONNECTION-SECURITY}}
-(please change X.X with your preferred version e.g. 9.1).
+{\small \url{http://www.postgresql.org/docs/current/static/runtime-config-connection.html#RUNTIME-CONFIG-CONNECTION-SECURITY}}
+{\small \url{http://www.postgresql.org/docs/current/static/ssl-tcp.html}}
+{\small \url{http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html}}
 
 \item[Settings:] \mbox{}