Pascal Knecht [Wed, 26 Jun 2019 07:17:41 +0000 (09:17 +0200)]
add quotation mark in add_header HSTS directive
Nginx http header values need quotation marks to take effect. See https://nginx.org/en/docs/http/ngx_http_headers_module.html
aaronkaplan [Wed, 19 Dec 2018 22:23:32 +0000 (23:23 +0100)]
Revert "Add a new TODO in ASCIIDOC to track feature requests"
sorry, wrong branch. Please use the v20-preparations branch
This reverts commit 9a69563bee1d847a0f1d8337f9bb95c9800b752d.
Michael Schwartzkopff [Wed, 12 Dec 2018 12:24:01 +0000 (13:24 +0100)]
Add a new TODO in ASCIIDOC to track feature requests
AaronK [Mon, 14 May 2018 15:25:31 +0000 (17:25 +0200)]
Merge pull request #144 from sebix/feedback-riedel
feedback from Torge Riedel on mailinglist
Aaron Zauner [Sat, 28 Apr 2018 02:39:16 +0000 (04:39 +0200)]
Merge pull request #143 from ryru/openpgp
OpenPGP and GnuPG rework
Sebastian Wagner [Fri, 22 Dec 2017 13:07:24 +0000 (14:07 +0100)]
feedback from Torge Riedel on mailinglist
Pascal K [Wed, 13 Dec 2017 10:44:52 +0000 (11:44 +0100)]
add paragraph about end of support of gnupg version 2.0.x
Pascal K [Wed, 13 Dec 2017 09:07:46 +0000 (10:07 +0100)]
reduce RSA key size
Pascal K [Sat, 24 Jun 2017 21:16:51 +0000 (23:16 +0200)]
fix comment line character
Pascal K [Tue, 20 Jun 2017 08:03:30 +0000 (10:03 +0200)]
add expiration parameter
Pascal K [Mon, 19 Jun 2017 20:59:32 +0000 (22:59 +0200)]
simplify GnuPG description
Pascal K [Mon, 19 Jun 2017 20:46:45 +0000 (22:46 +0200)]
fix: add preferences documentation
Pascal K [Sun, 11 Jun 2017 16:01:13 +0000 (18:01 +0200)]
add me in acknowledgments
Pascal K [Sun, 11 Jun 2017 15:43:54 +0000 (17:43 +0200)]
rework section openpgp
Pascal K [Sun, 11 Jun 2017 15:34:25 +0000 (17:34 +0200)]
fix pdf issues in section openpgp
Pascal K [Sun, 11 Jun 2017 15:27:59 +0000 (17:27 +0200)]
fix typos in openpgp section
Pascal K [Sun, 11 Jun 2017 13:36:25 +0000 (15:36 +0200)]
fix latex pdf generation
Pascal K [Sun, 11 Jun 2017 13:02:23 +0000 (15:02 +0200)]
add key generation subsection to openpgp section
Pascal K [Sun, 11 Jun 2017 12:12:39 +0000 (14:12 +0200)]
add ECC subsection in openpgp section
Pascal K [Sun, 11 Jun 2017 12:03:10 +0000 (14:03 +0200)]
rework and update openpgp section
Pascal K [Sun, 11 Jun 2017 09:47:56 +0000 (11:47 +0200)]
change openpgp section title and label
Aaron Zauner [Sat, 6 May 2017 14:47:48 +0000 (16:47 +0200)]
remove dangerously out-of-date Linux/haveged info
AaronK [Sun, 23 Apr 2017 11:35:26 +0000 (13:35 +0200)]
Merge pull request #142 from kravietz/master
invite people to contribute on the main page
Pawel Krawczyk (qubes) [Sun, 23 Apr 2017 11:27:21 +0000 (12:27 +0100)]
typo
Pawel Krawczyk (qubes) [Sun, 23 Apr 2017 10:54:24 +0000 (11:54 +0100)]
invite people to contribute on the main page
Aaron Zauner [Sun, 23 Apr 2017 03:47:21 +0000 (05:47 +0200)]
Merge pull request #126 from tarleb/openssh-moduli
Generate OpenSSH compatible moduli from IKE DH groups
Aaron Zauner [Sat, 4 Mar 2017 11:19:26 +0000 (11:19 +0000)]
Merge pull request #141 from stasic/patch-4
updated SSH-Version-Strings
Arsen Stasic [Wed, 22 Feb 2017 08:09:29 +0000 (09:09 +0100)]
updated SSH-Version-Strings
David DURVAUX [Wed, 8 Feb 2017 16:32:17 +0000 (17:32 +0100)]
Add intro to Let's Encrypt section
David DURVAUX [Thu, 12 Jan 2017 09:00:23 +0000 (10:00 +0100)]
Put lock on let's encrypt section
Aaron Zauner [Wed, 11 Jan 2017 17:00:12 +0000 (18:00 +0100)]
Merge pull request #132 from ypid/fix/tinc-key-size
Fix tinc maximum key size. Should be 8192.
Aaron Zauner [Sun, 1 Jan 2017 14:07:50 +0000 (15:07 +0100)]
Merge pull request #138 from burghardt/openvpn-warn-blf
Add paragraph "Insecure ciphers" on Sweet32 attack on Blowfish and DES.
Krzysztof Burghardt [Sat, 31 Dec 2016 13:04:25 +0000 (14:04 +0100)]
Add paragraph "Insecure ciphers" on Sweet32 attack on Blowfish and (3)DES ciphers.
Aaron Zauner [Sat, 31 Dec 2016 04:39:33 +0000 (05:39 +0100)]
Merge pull request #137 from burghardt/openvpn-config
Get rid of deprecated configuration options for OpenVPN version 2.3.10.
Krzysztof Burghardt [Wed, 28 Dec 2016 18:42:54 +0000 (19:42 +0100)]
Prefer Galois/Counter Mode (GCM) over Cipher Block Chaining (CBC) mode. Use the same cipher preferences for server and client.
Krzysztof Burghardt [Fri, 23 Dec 2016 01:01:32 +0000 (02:01 +0100)]
Tested OpenVPN 2.3.10 from Ubuntu Xenial 16.04.1 LTS linked against openssl.
Krzysztof Burghardt [Fri, 23 Dec 2016 01:00:32 +0000 (02:00 +0100)]
Converted cipher names to IANA format to get rid of message: "Deprecated TLS cipher name, please use IANA name."
OpenVPN option line is limited to 256 characters and IANA format is longer
than OpenSSL one. Following ciphers were removed to keep length limit:
- DHE-RSA-CAMELLIA128-SHA (IANA name TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA),
- DHE-RSA-AES128-SHA (TLS-DHE-RSA-WITH-AES-128-CBC-SHA),
- CAMELLIA256-SHA (TLS-RSA-WITH-CAMELLIA-256-CBC-SHA),
- AES256-SHA (TLS-RSA-WITH-AES-256-CBC-SHA),
- CAMELLIA128-SHA (TLS-RSA-WITH-CAMELLIA-128-CBC-SHA),
- AES128-SHA (TLS-RSA-WITH-AES-128-CBC-SHA).
Krzysztof Burghardt [Fri, 23 Dec 2016 00:59:04 +0000 (01:59 +0100)]
Use verify-x509-name option to avoid message: "DEPRECATED OPTION: --tls-remote, please update your configuration".
Adi Kriegisch [Tue, 20 Dec 2016 14:28:02 +0000 (15:28 +0100)]
fix broken merge
Adi Kriegisch [Tue, 20 Dec 2016 14:20:52 +0000 (15:20 +0100)]
Merge ../Applied-Crypto-Hardening
Conflicts:
CONTRIBUTING.md
Aaron Zauner [Tue, 20 Dec 2016 13:36:37 +0000 (14:36 +0100)]
add ML link
Aaron Zauner [Tue, 20 Dec 2016 13:24:45 +0000 (14:24 +0100)]
remove italics in getting started section
Aaron Zauner [Tue, 20 Dec 2016 13:19:31 +0000 (14:19 +0100)]
s/issues/PRs
Aaron Zauner [Tue, 20 Dec 2016 12:27:48 +0000 (13:27 +0100)]
add intro to TeX
Aaron Zauner [Tue, 20 Dec 2016 12:27:48 +0000 (13:27 +0100)]
add intro to TeX
Aaron Zauner [Tue, 20 Dec 2016 12:21:31 +0000 (13:21 +0100)]
add git intro to CONTRIBUTING.md
Aaron Zauner [Tue, 20 Dec 2016 12:11:18 +0000 (13:11 +0100)]
add textual links
Aaron Zauner [Tue, 20 Dec 2016 11:47:38 +0000 (12:47 +0100)]
merge FAQ content into CONTRIBUTING
Aaron Zauner [Tue, 20 Dec 2016 11:42:44 +0000 (12:42 +0100)]
FAQ.md as symlink
Aaron Zauner [Tue, 20 Dec 2016 11:41:46 +0000 (12:41 +0100)]
extend CONTRIBUTING.md, remove obsolete FAQ.md
Aaron Zauner [Tue, 20 Dec 2016 11:36:12 +0000 (12:36 +0100)]
add CONTRIBUTING.md file for github PRs
Sebastian Wagner [Tue, 13 Dec 2016 17:54:02 +0000 (18:54 +0100)]
Merge branch 'florianbeer-patch-1'
Florian Beer [Tue, 13 Dec 2016 10:26:15 +0000 (11:26 +0100)]
Remove Factorable Key Check Service link
The keycheck service is no longer available.
Robin Schneider [Mon, 19 Sep 2016 14:05:42 +0000 (16:05 +0200)]
Fix tinc maximum key size. Should be 8192.
```shell
tincd -n NETNAME -K8196
Generating 8192 bits keys:
```
Refs: https://www.tinc-vpn.org/pipermail/tinc/2014-January/003539.html
Related to: https://github.com/debops/ansible-tinc/pull/33
Sebastian Wagner [Mon, 12 Sep 2016 09:36:59 +0000 (11:36 +0200)]
Merge pull request #131 from pixelart/tested-apache-centos7
Add tested with Apache 2.4.6, CentOS Linux 7 (Core) with OpenSSL 1.0.1e
Patrik Karisch [Mon, 12 Sep 2016 08:48:54 +0000 (10:48 +0200)]
Add tested with Apache 2.4.6, CentOS Linux 7 (Core) with OpenSSL 1.0.1e
Aaron Zauner [Mon, 20 Jun 2016 03:32:09 +0000 (11:32 +0800)]
Merge pull request #128 from maartenvhb/caa
Added Certificate Authorization Authority records and corrected a few…
Maarten Van Horenbeeck [Sat, 18 Jun 2016 07:44:31 +0000 (16:44 +0900)]
Added Certificate Authorization Authority records and corrected a few typos in my name
Aaron Zauner [Fri, 1 Apr 2016 21:33:44 +0000 (23:33 +0200)]
Merge pull request #127 from dawud/support/troopers16_presentation_fixes
troopers16 presentation fixes
David Sastre Medina [Wed, 30 Mar 2016 19:11:48 +0000 (20:11 +0100)]
troopers16 presentation fixes
- correction of some typos
- line breaks for readability
- remove trailing whitespace
- rebuild slides.pdf
Albert Krewinkel [Sun, 27 Mar 2016 08:04:45 +0000 (10:04 +0200)]
Generate OpenSSH compatible moduli with IKE DH groups
ECRYPT II (and consequently this guide) recommends using Diffie-Hellman
groups as defined in RFC 3526 if DH parameters are configurable. Unlike
PEM files, no OpenSSH compatible moduli file is provided by the
tools. This adds a simple script and the necessary Makefile rules to
generate a moduli file from txt files.
Aaron Zauner [Sun, 27 Mar 2016 12:30:42 +0000 (14:30 +0200)]
Merge pull request #125 from ivuk/fix-typos
Minor typo fixes
Igor Vuk [Sat, 26 Mar 2016 13:01:42 +0000 (14:01 +0100)]
Remove an extra space char in PKIs.tex
Igor Vuk [Sat, 26 Mar 2016 13:00:32 +0000 (14:00 +0100)]
Remove trailing spaces in PKIs.tex
Igor Vuk [Sat, 26 Mar 2016 12:56:45 +0000 (13:56 +0100)]
Fix a typo in PKIs.tex
Igor Vuk [Sat, 26 Mar 2016 12:49:11 +0000 (13:49 +0100)]
Fix trailing spaces in recommended.tex
Igor Vuk [Sat, 26 Mar 2016 12:47:26 +0000 (13:47 +0100)]
Fix typos in recommended.tex
Aaron Zauner [Fri, 25 Mar 2016 10:47:41 +0000 (11:47 +0100)]
Merge pull request #124 from ivuk/fix-typos
Minor typo fixes and a URL update
Igor Vuk [Thu, 24 Mar 2016 19:10:38 +0000 (20:10 +0100)]
Remove trailing spaces in im.tex
Igor Vuk [Thu, 24 Mar 2016 19:08:20 +0000 (20:08 +0100)]
Update the OTR URL in im.tex
Igor Vuk [Thu, 24 Mar 2016 19:05:01 +0000 (20:05 +0100)]
Fix a typo in vpn.tex
Igor Vuk [Thu, 24 Mar 2016 18:59:39 +0000 (19:59 +0100)]
Remove trailing spaces in mailserver.tex
Igor Vuk [Thu, 24 Mar 2016 18:56:57 +0000 (19:56 +0100)]
Fix typos in mailserver.tex
Aaron Zauner [Thu, 24 Mar 2016 14:26:48 +0000 (15:26 +0100)]
Merge pull request #123 from ivuk/fix-typos
Minor typo fixes
Igor Vuk [Wed, 23 Mar 2016 19:19:18 +0000 (20:19 +0100)]
Remove a trailing space in mailserver.tex
Igor Vuk [Wed, 23 Mar 2016 19:18:14 +0000 (20:18 +0100)]
Fix a typo in mailserver.tex
Igor Vuk [Wed, 23 Mar 2016 19:11:04 +0000 (20:11 +0100)]
Fix a typo in webserver.tex
Igor Vuk [Wed, 23 Mar 2016 19:04:29 +0000 (20:04 +0100)]
Remove trailing spaces in howtoread.tex
Igor Vuk [Wed, 23 Mar 2016 18:58:57 +0000 (19:58 +0100)]
Fix a typo in howtoread.tex
Sebastian [Wed, 23 Mar 2016 20:33:35 +0000 (21:33 +0100)]
Merge pull request #122 from ivuk/fix-typo-faq
Minor fixes for FAQ.md
Igor Vuk [Wed, 23 Mar 2016 18:52:36 +0000 (19:52 +0100)]
Add https:// prefix to bettercrypto.org URL
Igor Vuk [Wed, 23 Mar 2016 18:50:55 +0000 (19:50 +0100)]
Fix a typo in FAQ.md
Aaron Zauner [Thu, 17 Mar 2016 13:16:35 +0000 (14:16 +0100)]
add pdf slides
Aaron Zauner [Thu, 17 Mar 2016 13:15:44 +0000 (14:15 +0100)]
add TROOPERS16 presentation
Sebastian [Wed, 9 Mar 2016 10:32:18 +0000 (11:32 +0100)]
Merge pull request #121 from tarleb/postfix-config-update
Always log Postfix TLS connections, fix for different postfix versions
According to docs http://www.postfix.org/postconf.5.html#smtpd_tls_loglevel
loglevel 1 gives a summary for all versions above 2.2
tested on wheezy with 2.9
Albert Krewinkel [Wed, 9 Mar 2016 08:24:44 +0000 (09:24 +0100)]
Always log TLS connection info in Postfix
TLS connection details are useful information and should always be
logged.
Albert Krewinkel [Tue, 8 Mar 2016 22:27:18 +0000 (23:27 +0100)]
Remove duplicate parameters from Postfix/main.cf
Two `readme_directory` parameters are one too many. Same for
`myorigin`.
fixup! Remove duplicate parameter from Postfix/main.cf
Aaron Zauner [Thu, 3 Mar 2016 23:23:53 +0000 (00:23 +0100)]
Merge pull request #90 from malexmave/ejabberd-update
Updated for newer versions of ejabberd
AaronK [Wed, 2 Mar 2016 22:57:06 +0000 (23:57 +0100)]
Merge pull request #120 from BetterCrypto/DROWN-fixes
Drown fixes
aaronkaplan [Wed, 2 Mar 2016 08:56:28 +0000 (09:56 +0100)]
remove Draft text. We are not draft anymore. This document has been around quite long now and been tested against multiple attacks over time.
aaronkaplan [Wed, 2 Mar 2016 08:55:01 +0000 (09:55 +0100)]
fix Exim against DROWN
aaronkaplan [Wed, 2 Mar 2016 08:45:40 +0000 (09:45 +0100)]
update postfix settings due to DROWN attack
Sebastian [Sun, 28 Feb 2016 20:01:21 +0000 (21:01 +0100)]
Merge pull request #119 from tarleb/ecrypt-url-fix
Fix URL of ECRYPT II report
Albert Krewinkel [Sun, 28 Feb 2016 18:13:35 +0000 (19:13 +0100)]
Fix URL of ECRYPT II report
It seems that the URL of the ECRYPT II report is no longer valid.
Add missing URL part to get a valid URL again.
Aaron Zauner [Wed, 27 Jan 2016 11:00:24 +0000 (12:00 +0100)]
Merge pull request #118 from 2001db8/ESA_update_201601
Ironport/ESA changes to meet current GD versions and tested versions
Jens Roesen [Tue, 19 Jan 2016 14:50:37 +0000 (15:50 +0100)]
Changes to meet current GD versions
Complemented list of tested versions and changed limitations to meet the
changes in the GD releases.
Max Maass [Sun, 17 Jan 2016 14:21:49 +0000 (15:21 +0100)]
Clear up wording for older configs
Max Maass [Wed, 13 Jan 2016 10:35:55 +0000 (11:35 +0100)]
Add information about DH param compatibility
Max Maass [Sun, 27 Dec 2015 18:54:21 +0000 (19:54 +0100)]
Implement change requests by @sebix
Max Maass [Sun, 27 Dec 2015 16:08:26 +0000 (17:08 +0100)]
Add custom DH parameters