ach-master.git
5 months ago (refs: master, github/master)
Pascal Knecht [Wed, 26 Jun 2019 07:17:41 +0000 (09:17 +0200)]
add quotation mark in add_header HSTS directive

Nginx HTTP header values need quotation marks to take effect. See https://nginx.org/en/docs/http/ngx_http_headers_module.html

11 months ago
aaronkaplan [Wed, 19 Dec 2018 22:23:32 +0000 (23:23 +0100)]
Revert "Add a new TODO in ASCIIDOC to track feature requests"

sorry, wrong branch. Please use the v20-preparations branch

This reverts commit 9a69563bee1d847a0f1d8337f9bb95c9800b752d.

11 months ago
Michael Schwartzkopff [Wed, 12 Dec 2018 12:24:01 +0000 (13:24 +0100)]
Add a new TODO in ASCIIDOC to track feature requests

18 months ago
AaronK [Mon, 14 May 2018 15:25:31 +0000 (17:25 +0200)]
Merge pull request #144 from sebix/feedback-riedel

feedback from Torge Riedel on mailinglist

19 months ago
Aaron Zauner [Sat, 28 Apr 2018 02:39:16 +0000 (04:39 +0200)]
Merge pull request #143 from ryru/openpgp

OpenPGP and GnuPG rework

23 months ago
Sebastian Wagner [Fri, 22 Dec 2017 13:07:24 +0000 (14:07 +0100)]
feedback from Torge Riedel on mailinglist

23 months ago
Pascal K [Wed, 13 Dec 2017 10:44:52 +0000 (11:44 +0100)]
add paragraph about end of support of gnupg version 2.0.x

23 months ago
Pascal K [Wed, 13 Dec 2017 09:07:46 +0000 (10:07 +0100)]
reduce RSA key size

2 years ago
Pascal K [Sat, 24 Jun 2017 21:16:51 +0000 (23:16 +0200)]
fix comment line character

2 years ago
Pascal K [Tue, 20 Jun 2017 08:03:30 +0000 (10:03 +0200)]
add expiration parameter

2 years ago
Pascal K [Mon, 19 Jun 2017 20:59:32 +0000 (22:59 +0200)]
simplify GnuPG description

2 years ago
Pascal K [Mon, 19 Jun 2017 20:46:45 +0000 (22:46 +0200)]
fix: add preferences documentation

2 years ago
Pascal K [Sun, 11 Jun 2017 16:01:13 +0000 (18:01 +0200)]
add me in acknowledgments

2 years ago
Pascal K [Sun, 11 Jun 2017 15:43:54 +0000 (17:43 +0200)]
rework section openpgp

2 years ago
Pascal K [Sun, 11 Jun 2017 15:34:25 +0000 (17:34 +0200)]
fix pdf issues in section openpgp

2 years ago
Pascal K [Sun, 11 Jun 2017 15:27:59 +0000 (17:27 +0200)]
fix typos in openpgp section

2 years ago
Pascal K [Sun, 11 Jun 2017 13:36:25 +0000 (15:36 +0200)]
fix latex pdf generation

2 years ago
Pascal K [Sun, 11 Jun 2017 13:02:23 +0000 (15:02 +0200)]
add key generation subsection to openpgp section

2 years ago
Pascal K [Sun, 11 Jun 2017 12:12:39 +0000 (14:12 +0200)]
add ECC subsection in openpgp section

2 years ago
Pascal K [Sun, 11 Jun 2017 12:03:10 +0000 (14:03 +0200)]
rework and update openpgp section

2 years ago
Pascal K [Sun, 11 Jun 2017 09:47:56 +0000 (11:47 +0200)]
change openpgp section title and label

2 years ago
Aaron Zauner [Sat, 6 May 2017 14:47:48 +0000 (16:47 +0200)]
remove dangerously out-of-date Linux/haveged info

2 years ago
AaronK [Sun, 23 Apr 2017 11:35:26 +0000 (13:35 +0200)]
Merge pull request #142 from kravietz/master

invite people to contribute on the main page

2 years ago
Pawel Krawczyk (qubes) [Sun, 23 Apr 2017 11:27:21 +0000 (12:27 +0100)]
typo

2 years ago
Pawel Krawczyk (qubes) [Sun, 23 Apr 2017 10:54:24 +0000 (11:54 +0100)]
invite people to contribute on the main page

2 years ago
Aaron Zauner [Sun, 23 Apr 2017 03:47:21 +0000 (05:47 +0200)]
Merge pull request #126 from tarleb/openssh-moduli

Generate OpenSSH compatible moduli from IKE DH groups

2 years ago
Aaron Zauner [Sat, 4 Mar 2017 11:19:26 +0000 (11:19 +0000)]
Merge pull request #141 from stasic/patch-4

updated SSH-Version-Strings

2 years ago
Arsen Stasic [Wed, 22 Feb 2017 08:09:29 +0000 (09:09 +0100)]
updated SSH-Version-Strings

2 years ago
David DURVAUX [Wed, 8 Feb 2017 16:32:17 +0000 (17:32 +0100)]
Add intro to Let's Encrypt section

2 years ago
David DURVAUX [Thu, 12 Jan 2017 09:00:23 +0000 (10:00 +0100)]
Put lock on let's encrypt section

2 years ago
Aaron Zauner [Wed, 11 Jan 2017 17:00:12 +0000 (18:00 +0100)]
Merge pull request #132 from ypid/fix/tinc-key-size

Fix tinc maximum key size. Should be 8192.

2 years ago
Aaron Zauner [Sun, 1 Jan 2017 14:07:50 +0000 (15:07 +0100)]
Merge pull request #138 from burghardt/openvpn-warn-blf

Add paragraph "Insecure ciphers" on Sweet32 attack on Blowfish and DES.

2 years ago
Krzysztof Burghardt [Sat, 31 Dec 2016 13:04:25 +0000 (14:04 +0100)]
Add paragraph "Insecure ciphers" on Sweet32 attack on Blowfish and (3)DES ciphers.

2 years ago
Aaron Zauner [Sat, 31 Dec 2016 04:39:33 +0000 (05:39 +0100)]
Merge pull request #137 from burghardt/openvpn-config

Get rid of deprecated configuration options for OpenVPN version 2.3.10.

2 years ago
Krzysztof Burghardt [Wed, 28 Dec 2016 18:42:54 +0000 (19:42 +0100)]
Prefer Galois/Counter Mode (GCM) over Cipher Block Chaining (CBC) mode. Use the same cipher preferences for server and client.

2 years ago
Krzysztof Burghardt [Fri, 23 Dec 2016 01:01:32 +0000 (02:01 +0100)]
Tested OpenVPN 2.3.10 from Ubuntu Xenial 16.04.1 LTS linked against openssl.

2 years ago
Krzysztof Burghardt [Fri, 23 Dec 2016 01:00:32 +0000 (02:00 +0100)]
Converted cipher names to IANA format to get rid of message: "Deprecated TLS cipher name, please use IANA name."

The OpenVPN option line is limited to 256 characters and the IANA format is longer
than the OpenSSL one. The following ciphers were removed to keep within the length limit:
 - DHE-RSA-CAMELLIA128-SHA (IANA name TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA),
 - DHE-RSA-AES128-SHA (TLS-DHE-RSA-WITH-AES-128-CBC-SHA),
 - CAMELLIA256-SHA (TLS-RSA-WITH-CAMELLIA-256-CBC-SHA),
 - AES256-SHA (TLS-RSA-WITH-AES-256-CBC-SHA),
 - CAMELLIA128-SHA (TLS-RSA-WITH-CAMELLIA-128-CBC-SHA),
 - AES128-SHA (TLS-RSA-WITH-AES-128-CBC-SHA).

2 years ago
Krzysztof Burghardt [Fri, 23 Dec 2016 00:59:04 +0000 (01:59 +0100)]
Use verify-x509-name option to avoid message: "DEPRECATED OPTION: --tls-remote, please update your configuration".

2 years ago
Adi Kriegisch [Tue, 20 Dec 2016 14:28:02 +0000 (15:28 +0100)]
fix broken merge

2 years ago
Adi Kriegisch [Tue, 20 Dec 2016 14:20:52 +0000 (15:20 +0100)]
Merge ../Applied-Crypto-Hardening

Conflicts:
CONTRIBUTING.md

2 years ago
Aaron Zauner [Tue, 20 Dec 2016 13:36:37 +0000 (14:36 +0100)]
add ML link

2 years ago
Aaron Zauner [Tue, 20 Dec 2016 13:24:45 +0000 (14:24 +0100)]
remove italics in getting started section

2 years ago
Aaron Zauner [Tue, 20 Dec 2016 13:19:31 +0000 (14:19 +0100)]
s/issues/PRs

2 years ago
Aaron Zauner [Tue, 20 Dec 2016 12:27:48 +0000 (13:27 +0100)]
add intro to TeX

2 years ago
Aaron Zauner [Tue, 20 Dec 2016 12:27:48 +0000 (13:27 +0100)]
add intro to TeX

2 years ago
Aaron Zauner [Tue, 20 Dec 2016 12:21:31 +0000 (13:21 +0100)]
add git intro to CONTRIBUTING.md

2 years ago
Aaron Zauner [Tue, 20 Dec 2016 12:11:18 +0000 (13:11 +0100)]
add textual links

2 years ago
Aaron Zauner [Tue, 20 Dec 2016 11:47:38 +0000 (12:47 +0100)]
merge FAQ content into CONTRIBUTING

2 years ago
Aaron Zauner [Tue, 20 Dec 2016 11:42:44 +0000 (12:42 +0100)]
FAQ.md as symlink

2 years ago
Aaron Zauner [Tue, 20 Dec 2016 11:41:46 +0000 (12:41 +0100)]
extend CONTRIBUTING.md, remove obsolete FAQ.md

2 years ago
Aaron Zauner [Tue, 20 Dec 2016 11:36:12 +0000 (12:36 +0100)]
add CONTRIBUTING.md file for github PRs

2 years ago
Sebastian Wagner [Tue, 13 Dec 2016 17:54:02 +0000 (18:54 +0100)]
Merge branch 'florianbeer-patch-1'

2 years ago
Florian Beer [Tue, 13 Dec 2016 10:26:15 +0000 (11:26 +0100)]
Remove Factorable Key Check Service link

The keycheck service is no longer available.

3 years ago
Robin Schneider [Mon, 19 Sep 2016 14:05:42 +0000 (16:05 +0200)]
Fix tinc maximum key size. Should be 8192.

```shell
tincd -n NETNAME -K8196
Generating 8192 bits keys:
```

Refs: https://www.tinc-vpn.org/pipermail/tinc/2014-January/003539.html
Related to: https://github.com/debops/ansible-tinc/pull/33

3 years ago
Sebastian Wagner [Mon, 12 Sep 2016 09:36:59 +0000 (11:36 +0200)]
Merge pull request #131 from pixelart/tested-apache-centos7

Add tested with Apache 2.4.6, CentOS Linux 7 (Core) with OpenSSL 1.0.1e

3 years ago
Patrik Karisch [Mon, 12 Sep 2016 08:48:54 +0000 (10:48 +0200)]
Add tested with Apache 2.4.6, CentOS Linux 7 (Core) with OpenSSL 1.0.1e

3 years ago
Aaron Zauner [Mon, 20 Jun 2016 03:32:09 +0000 (11:32 +0800)]
Merge pull request #128 from maartenvhb/caa

Added Certificate Authorization Authority records and corrected a few…

3 years ago
Maarten Van Horenbeeck [Sat, 18 Jun 2016 07:44:31 +0000 (16:44 +0900)]
Added Certificate Authorization Authority records and corrected a few typos in my name

3 years ago
Aaron Zauner [Fri, 1 Apr 2016 21:33:44 +0000 (23:33 +0200)]
Merge pull request #127 from dawud/support/troopers16_presentation_fixes

troopers16 presentation fixes

3 years ago
David Sastre Medina [Wed, 30 Mar 2016 19:11:48 +0000 (20:11 +0100)]
troopers16 presentation fixes

- correction of some typos
- line breaks for readability
- remove trailing whitespace
- rebuild slides.pdf

3 years ago
Albert Krewinkel [Sun, 27 Mar 2016 08:04:45 +0000 (10:04 +0200)]
Generate OpenSSH compatible moduli with IKE DH groups

ECRYPT II (and consequently this guide) recommends using Diffie-Hellman
groups as defined in RFC 3526 if DH parameters are configurable.  Unlike
PEM files, no OpenSSH compatible moduli file is provided by the
tools.  This adds a simple script and the necessary Makefile rules to
generate a moduli file from txt files.

3 years ago
Aaron Zauner [Sun, 27 Mar 2016 12:30:42 +0000 (14:30 +0200)]
Merge pull request #125 from ivuk/fix-typos

Minor typo fixes

3 years ago
Igor Vuk [Sat, 26 Mar 2016 13:01:42 +0000 (14:01 +0100)]
Remove an extra space char in PKIs.tex

3 years ago
Igor Vuk [Sat, 26 Mar 2016 13:00:32 +0000 (14:00 +0100)]
Remove trailing spaces in PKIs.tex

3 years ago
Igor Vuk [Sat, 26 Mar 2016 12:56:45 +0000 (13:56 +0100)]
Fix a typo in PKIs.tex

3 years ago
Igor Vuk [Sat, 26 Mar 2016 12:49:11 +0000 (13:49 +0100)]
Fix trailing spaces in recommended.tex

3 years ago
Igor Vuk [Sat, 26 Mar 2016 12:47:26 +0000 (13:47 +0100)]
Fix typos in recommended.tex

3 years ago
Aaron Zauner [Fri, 25 Mar 2016 10:47:41 +0000 (11:47 +0100)]
Merge pull request #124 from ivuk/fix-typos

Minor typo fixes and a URL update

3 years ago
Igor Vuk [Thu, 24 Mar 2016 19:10:38 +0000 (20:10 +0100)]
Remove trailing spaces in im.tex

3 years ago
Igor Vuk [Thu, 24 Mar 2016 19:08:20 +0000 (20:08 +0100)]
Update the OTR URL in im.tex

3 years ago
Igor Vuk [Thu, 24 Mar 2016 19:05:01 +0000 (20:05 +0100)]
Fix a typo in vpn.tex

3 years ago
Igor Vuk [Thu, 24 Mar 2016 18:59:39 +0000 (19:59 +0100)]
Remove trailing spaces in mailserver.tex

3 years ago
Igor Vuk [Thu, 24 Mar 2016 18:56:57 +0000 (19:56 +0100)]
Fix typos in mailserver.tex

3 years ago
Aaron Zauner [Thu, 24 Mar 2016 14:26:48 +0000 (15:26 +0100)]
Merge pull request #123 from ivuk/fix-typos

Minor typo fixes

3 years ago
Igor Vuk [Wed, 23 Mar 2016 19:19:18 +0000 (20:19 +0100)]
Remove a trailing space in mailserver.tex

3 years ago
Igor Vuk [Wed, 23 Mar 2016 19:18:14 +0000 (20:18 +0100)]
Fix a typo in mailserver.tex

3 years ago
Igor Vuk [Wed, 23 Mar 2016 19:11:04 +0000 (20:11 +0100)]
Fix a typo in webserver.tex

3 years ago
Igor Vuk [Wed, 23 Mar 2016 19:04:29 +0000 (20:04 +0100)]
Remove trailing spaces in howtoread.tex

3 years ago
Igor Vuk [Wed, 23 Mar 2016 18:58:57 +0000 (19:58 +0100)]
Fix a typo in howtoread.tex

3 years ago
Sebastian [Wed, 23 Mar 2016 20:33:35 +0000 (21:33 +0100)]
Merge pull request #122 from ivuk/fix-typo-faq

Minor fixes for FAQ.md

3 years ago
Igor Vuk [Wed, 23 Mar 2016 18:52:36 +0000 (19:52 +0100)]
Add https:// prefix to bettercrypto.org URL

3 years ago
Igor Vuk [Wed, 23 Mar 2016 18:50:55 +0000 (19:50 +0100)]
Fix a typo in FAQ.md

3 years ago
Aaron Zauner [Thu, 17 Mar 2016 13:16:35 +0000 (14:16 +0100)]
add pdf slides

3 years ago
Aaron Zauner [Thu, 17 Mar 2016 13:15:44 +0000 (14:15 +0100)]
add TROOPERS16 presentation

3 years ago
Sebastian [Wed, 9 Mar 2016 10:32:18 +0000 (11:32 +0100)]
Merge pull request #121 from tarleb/postfix-config-update

Always log Postfix TLS connections, fix for different postfix versions

According to docs http://www.postfix.org/postconf.5.html#smtpd_tls_loglevel
loglevel 1 gives a summary for all versions above 2.2
tested on wheezy with 2.9

3 years ago
Albert Krewinkel [Wed, 9 Mar 2016 08:24:44 +0000 (09:24 +0100)]
Always log TLS connection info in Postfix

TLS connection details are useful information and should always be
logged.

3 years ago
Albert Krewinkel [Tue, 8 Mar 2016 22:27:18 +0000 (23:27 +0100)]
Remove duplicate parameters from Postfix/main.cf

Two `readme_directory` parameters are one too many.  Same for
`myorigin`.

fixup! Remove duplicate parameter from Postfix/main.cf

3 years ago
Aaron Zauner [Thu, 3 Mar 2016 23:23:53 +0000 (00:23 +0100)]
Merge pull request #90 from malexmave/ejabberd-update

Updated for newer versions of ejabberd

3 years ago
AaronK [Wed, 2 Mar 2016 22:57:06 +0000 (23:57 +0100)]
Merge pull request #120 from BetterCrypto/DROWN-fixes

Drown fixes

3 years ago (refs: DROWN-fixes)
aaronkaplan [Wed, 2 Mar 2016 08:56:28 +0000 (09:56 +0100)]
remove Draft text. We are not draft anymore. This document has been around quite long now and been tested against multiple attacks over time.

3 years ago
aaronkaplan [Wed, 2 Mar 2016 08:55:01 +0000 (09:55 +0100)]
fix Exim against DROWN

3 years ago
aaronkaplan [Wed, 2 Mar 2016 08:45:40 +0000 (09:45 +0100)]
update postfix settings due to DROWN attack

3 years ago
Sebastian [Sun, 28 Feb 2016 20:01:21 +0000 (21:01 +0100)]
Merge pull request #119 from tarleb/ecrypt-url-fix

Fix URL of ECRYPT II report

3 years ago
Albert Krewinkel [Sun, 28 Feb 2016 18:13:35 +0000 (19:13 +0100)]
Fix URL of ECRYPT II report

It seems that the URL of the ECRYPT II report is no longer valid.
Add missing URL part to get a valid URL again.

3 years ago
Aaron Zauner [Wed, 27 Jan 2016 11:00:24 +0000 (12:00 +0100)]
Merge pull request #118 from 2001db8/ESA_update_201601

Ironport/ESA changes to meet current GD versions and tested versions

3 years ago
Jens Roesen [Tue, 19 Jan 2016 14:50:37 +0000 (15:50 +0100)]
Changes to meet current GD versions

Complemented list of tested versions and changed limitations to meet the
changes in the GD releases.

3 years ago
Max Maass [Sun, 17 Jan 2016 14:21:49 +0000 (15:21 +0100)]
Clear up wording for older configs

3 years ago
Max Maass [Wed, 13 Jan 2016 10:35:55 +0000 (11:35 +0100)]
Add information about DH param compatibility

3 years ago
Max Maass [Sun, 27 Dec 2015 18:54:21 +0000 (19:54 +0100)]
Implement change requests by @sebix

3 years ago
Max Maass [Sun, 27 Dec 2015 16:08:26 +0000 (17:08 +0100)]
Add custom DH parameters