Merge pull request #13 from berq/patch-13
authorAaronK <aaron@lo-res.org>
Mon, 16 Dec 2013 20:02:53 +0000 (12:02 -0800)
committerAaronK <aaron@lo-res.org>
Mon, 16 Dec 2013 20:02:53 +0000 (12:02 -0800)
oracle - points to the telekom technische sicherheitsanforderungen

src/practical_settings/DBs.tex

@@@ -2,7 -2,14 +2,14 @@@
  % This list is based on : http://en.wikipedia.org/wiki/Relational_database_management_system#Market_share
  
  \subsubsection{Oracle}
- \todo{write this}
+ \item[Tested with Version:] not tested
+ \item[References:] (German)
+ {\small \url{www.telekom.com/static/-/155996/7/technische-sicherheitsanforderungen-si}}
+ Please read the following pages about SSL and ciphersuites:\\
+ p. 129 -Req 396 and Req 397 \\
  
  \subsubsection{SQL Server}
  \todo{write this}
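Review bot: The `\item[Tested with Version:]` and `\item[References:]` lines added under `\subsubsection{Oracle}` are outside any list environment, so LaTeX will reject them; wrap them in `\begin{description}` … `\end{description}`, as the DB2 section in this same file does. The reference is written as `\url{www.telekom.com/static/...}` without a scheme, which hyperref may resolve as a relative link; give the full URL including the scheme. Since the entry is `not tested` and contains no Oracle setting a reader can apply, I would keep a `\todo{add tested Oracle cipher configuration}` next to the pointer so the gap stays visible in a hardening guide.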
@@@ -52,50 -59,15 +59,50 @@@ show variables like '%ssl%'
  \end{description}
  
  
 -
 -
 -
 -
  \subsubsection{DB2}
 -\todo{write this}
 +\begin{description}
 +\item[Tested with Version:] not tested
  
 +\item[References:]
 +{\small \url{http://pic.dhe.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.sec.doc%2Fdoc%2Fc0053544.html}}
  
  
 +\paragraph*{ssl_cipherspecs}\mbox{}\\
 +In the link above the whole SSL-Configuration is in-depth described. The following command shows only the recommended ciphersuites.
 +\begin{lstlisting}[breaklines]
 +% it's out of scope to describe the whole SSL procedure
 +% # fully qualified path of the key database file
 +%db2 update dbm cfg using SSL_SVR_KEYDB /home/dba/sqllib/security/keystore/key.kdb
 +%
 +%# fully qualified path of the stash file
 +%db2 update dbm cfg using SSL_SVR_STASH /home/dba/sqllib/security/keystore/mydbserver.sth
 +%
 +%# label of the digital certificate of the server
 +%db2 update dbm cfg using SSL_SVR_LABEL myselfsigned
 +%
 +# recommended and supported ciphersuites 
 +
 +db2 update dbm cfg using SSL_CIPHERSPECS 
 +TLS_RSA_WITH_AES_256_CBC_SHA256,
 +TLS_RSA_WITH_AES_128_GCM_SHA256,
 +TLS_RSA_WITH_AES_128_CBC_SHA256,
 +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 +TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
 +TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
 +TLS_RSA_WITH_AES_256_GCM_SHA384,
 +TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 +TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
 +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
 +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
 +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
 +TLS_RSA_WITH_AES_256_CBC_SHA,
 +TLS_RSA_WITH_AES_128_CBC_SHA,
 +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
 +TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 +
 +\end{lstlisting}
  
  
  \subsubsection{Postgresql}
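Review bot: The `SSL_CIPHERSPECS` value in the listing starts with static-RSA suites (`TLS_RSA_WITH_AES_256_CBC_SHA256` is first) and keeps CBC suites with SHA-1, so if DB2 honours the configured order, a suite without forward secrecy would be preferred over every ECDHE one. As the entry is marked `not tested`, I would list the ECDHE GCM suites first and state in the text that the order and the supported set still need checking against a DB2 server. The value is also split across lines with no continuation, so the printed command cannot be pasted as one command. Separately, `\paragraph*{ssl_cipherspecs}` has an unescaped underscore in text mode and should read `\paragraph*{ssl\_cipherspecs}`, and the hunk shows no `\end{description}` for the `\begin{description}` opened under DB2 before `\subsubsection{Postgresql}`. Unless a listings language with `%` comments is configured elsewhere, the `%` lines inside `lstlisting` are printed verbatim, so the three key-database commands will appear in the output with their leading `%`.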
@@@ -141,3 -113,8 +148,3 @@@ psql "sslmode=require host=postgres-ser
  
  \end{description}
  
 -
 -
 -
 -\subsubsection{Informix}
 -\todo{write this}