From: berq Date: Thu, 26 Dec 2013 10:38:19 +0000 (+0100) Subject: Merge remote-tracking branch 'upstream/master' X-Git-Url: https://git.bettercrypto.org/ach-master.git/commitdiff_plain/a30c309a3f6063d0d1c7191e6b6db8a226dd1969 Merge remote-tracking branch 'upstream/master' Conflicts: src/practical_settings/DBs.tex --- a30c309a3f6063d0d1c7191e6b6db8a226dd1969 diff --cc src/practical_settings/DBs.tex index 2131b90,9a175e3..b370be1 --- a/src/practical_settings/DBs.tex +++ b/src/practical_settings/DBs.tex @@@ -36,10 -48,8 +48,15 @@@ ssl-cipher=EECDH+aRSA+AESGCM:EECDH+aRSA % in case you have the need for further justifications why you chose this and that setting or if the settings do not fit into the standard Variant A or Variant B schema, please document this here \item[References:] ++<<<<<<< HEAD ++{\small \url{https://dev.mysql.com/doc/refman/5.5/en/ssl-connections.html}} + + +% add any further references or best practice documents here ++======= + {\small \url{https://dev.mysql.com/doc/refman/5.5/en/ssl-connections.html}} + ++>>>>>>> upstream/master \item[How to test:] @@@ -52,26 -62,47 +69,62 @@@ show variables like '%ssl%' \end{description} + %% ---------------------------------------------------------------------- + \subsubsection{DB2} + \begin{description} + \item[Tested with Version:] not tested + \item[References:] + {\small \url{http://pic.dhe.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.sec.doc%2Fdoc%2Fc0053544.html}} - + \paragraph*{ssl\_cipherspecs}\mbox{}\\ + In the link above the whole SSL-configuration is described in-depth. The following command shows only how to set the recommended ciphersuites. + \begin{lstlisting}[breaklines] + # recommended and supported ciphersuites + + db2 update dbm cfg using SSL_CIPHERSPECS + TLS_RSA_WITH_AES_256_CBC_SHA256, + TLS_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + ++<<<<<<< HEAD +\subsubsection{DB2} +\todo{write this} + +% + +% ssl_ciphersepcs v9r7: +% http://pic.dhe.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.config.doc%2Fdoc%2Fr0053617.html + +% Configuring Secure Sockets Layer (SSL) support in a DB2 instance v9r7 +% http://pic.dhe.ibm.com/infocenter/db2luw/v10r5/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.sec.doc%2Fdoc%2Fc0053544.html + + ++======= + \end{lstlisting} ++>>>>>>> upstream/master + \end{description} + %% ---------------------------------------------------------------------- - \subsubsection{Postgresql} + \subsubsection{PostgreSQL} \begin{description} \item[Tested with Version:] Debian 7.0 and PostgreSQL 9.1