ach-master.git
6 years agomore slides
Aaron Kaplan [Mon, 20 Oct 2014 20:24:11 +0000 (22:24 +0200)]
more slides

6 years agoadd comment in README: many small commits are better
Aaron Kaplan [Mon, 20 Oct 2014 16:07:58 +0000 (18:07 +0200)]
add comment in README: many small commits are better

6 years agointermediate version, add missing files
Aaron Kaplan [Sun, 19 Oct 2014 23:50:08 +0000 (01:50 +0200)]
intermediate version, add missing files

6 years agointermediate version for hack.lu
Aaron Kaplan [Sun, 19 Oct 2014 23:48:56 +0000 (01:48 +0200)]
intermediate version for hack.lu

6 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Sun, 19 Oct 2014 20:58:07 +0000 (22:58 +0200)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

6 years agofirst commit for the hack.lu 2014 talk
Aaron Kaplan [Sun, 19 Oct 2014 20:57:13 +0000 (22:57 +0200)]
first commit for the hack.lu 2014 talk

6 years agogitignore
Aaron Kaplan [Sun, 19 Oct 2014 20:56:35 +0000 (22:56 +0200)]
gitignore

6 years agoMerge https://github.com/BetterCrypto/Applied-Crypto-Hardening
Aaron Zauner [Sun, 19 Oct 2014 16:16:41 +0000 (18:16 +0200)]
Merge https://github.com/BetterCrypto/Applied-Crypto-Hardening

6 years agoMerge pull request #75 from FireFart/dovecot
Aaron Zauner [Sun, 19 Oct 2014 16:16:12 +0000 (18:16 +0200)]
Merge pull request #75 from FireFart/dovecot

disable SSLv3 for Dovecot

6 years agorevert cipher list
Christian Mehlmauer [Sat, 18 Oct 2014 06:43:51 +0000 (08:43 +0200)]
revert cipher list

6 years agoadded tested system
Christian Mehlmauer [Fri, 17 Oct 2014 20:49:42 +0000 (22:49 +0200)]
added tested system

6 years agomore sslv3
Christian Mehlmauer [Fri, 17 Oct 2014 20:45:05 +0000 (22:45 +0200)]
more sslv3

6 years agoDisable SSLv3 for Dovecot
Christian Mehlmauer [Fri, 17 Oct 2014 20:42:55 +0000 (22:42 +0200)]
Disable SSLv3 for Dovecot

6 years ago+SSLv3 in the SSLCipherSuite, -SSLv3 in the SSLProtocol.
Aaron Kaplan [Fri, 17 Oct 2014 12:30:04 +0000 (14:30 +0200)]
+SSLv3 in the SSLCipherSuite, -SSLv3 in the SSLProtocol.
See the posting "The Poodle killed it" on the www.bettercrypto.org homepage

6 years agoReverted the "Revert "!SSLv3 damn it"" commit.
Aaron Kaplan [Fri, 17 Oct 2014 12:27:38 +0000 (14:27 +0200)]
Reverted the "Revert "!SSLv3 damn it"" commit.
Damn... I threw out too much. This was a decision on 7.7.

This reverts commit ab51c68aa63dea11cc1e019e68c3bb8917da891f.

6 years agoRevert "!SSLv3 damn it"
Aaron Kaplan [Fri, 17 Oct 2014 12:21:08 +0000 (14:21 +0200)]
Revert "!SSLv3 damn it"

This reverts commit baff2df8387234c4fe7d255cac07cf7f8307a634.

6 years agoRevert "no SSLv3 damn it"
Aaron Kaplan [Fri, 17 Oct 2014 12:21:07 +0000 (14:21 +0200)]
Revert "no SSLv3 damn it"

This reverts commit b62a01c3883767ad1f4af4b3b807423830ef915d.

6 years agoRevert "no SSLv3 damn it"
Aaron Kaplan [Fri, 17 Oct 2014 12:21:05 +0000 (14:21 +0200)]
Revert "no SSLv3 damn it"

This reverts commit 6ae00d390dd40343ecfd3607ae7475fc6896f6a7.

6 years agoRevert "no SSLv3 damn it"
Aaron Kaplan [Fri, 17 Oct 2014 12:21:05 +0000 (14:21 +0200)]
Revert "no SSLv3 damn it"

This reverts commit a4fed6e2245d31aca055f599617902a8a2deb2f4.

6 years agoRevert "no SSLv3 damn it"
Aaron Kaplan [Fri, 17 Oct 2014 12:21:04 +0000 (14:21 +0200)]
Revert "no SSLv3 damn it"

This reverts commit e8b61af0270bcd31ef55f35cebd1d0b3a35342ea.

6 years agoRevert "no SSLv3 damn it"
Aaron Kaplan [Fri, 17 Oct 2014 12:21:03 +0000 (14:21 +0200)]
Revert "no SSLv3 damn it"

This reverts commit 3cffbdde793d21fa93446f43a35d615bc21c8894.

6 years agoRevert "no SSLv3 damn it"
Aaron Kaplan [Fri, 17 Oct 2014 12:21:01 +0000 (14:21 +0200)]
Revert "no SSLv3 damn it"

This reverts commit 8b1a5f055fb9d436e7bb7b1325d632cc803b1123.

6 years agoRevert "no SSLv3 damn it"
Aaron Kaplan [Fri, 17 Oct 2014 12:20:59 +0000 (14:20 +0200)]
Revert "no SSLv3 damn it"

This reverts commit 4f7d76eb7d395b66cf12eab0c57b135c9f9277a0.

6 years agoRevert "!SSLv3 damn it"
Aaron Kaplan [Fri, 17 Oct 2014 12:19:06 +0000 (14:19 +0200)]
Revert "!SSLv3 damn it"

This reverts commit ab51c68aa63dea11cc1e019e68c3bb8917da891f.

6 years agoRevert "no SSLv3 damn it"
Aaron Kaplan [Fri, 17 Oct 2014 12:18:43 +0000 (14:18 +0200)]
Revert "no SSLv3 damn it"

This reverts commit 301c910000a27714a13ba7843c16379271a5ef7a.

6 years agono SSLv3 damn it
Aaron Kaplan [Fri, 17 Oct 2014 10:15:30 +0000 (12:15 +0200)]
no SSLv3 damn it

6 years agono SSLv3 damn it
Aaron Kaplan [Fri, 17 Oct 2014 10:14:43 +0000 (12:14 +0200)]
no SSLv3 damn it

6 years agono SSLv3 damn it
Aaron Kaplan [Fri, 17 Oct 2014 10:14:09 +0000 (12:14 +0200)]
no SSLv3 damn it

6 years agono SSLv3 damn it
Aaron Kaplan [Fri, 17 Oct 2014 10:14:01 +0000 (12:14 +0200)]
no SSLv3 damn it

6 years agono SSLv3 damn it
Aaron Kaplan [Fri, 17 Oct 2014 10:13:27 +0000 (12:13 +0200)]
no SSLv3 damn it

6 years agono SSLv3 damn it
Aaron Kaplan [Fri, 17 Oct 2014 10:10:49 +0000 (12:10 +0200)]
no SSLv3 damn it

6 years agono SSLv3 damn it
Aaron Kaplan [Fri, 17 Oct 2014 10:10:13 +0000 (12:10 +0200)]
no SSLv3 damn it

6 years agono SSLv3 damn it
Aaron Kaplan [Fri, 17 Oct 2014 10:09:25 +0000 (12:09 +0200)]
no SSLv3 damn it

6 years ago!SSLv3 damn it
Aaron Kaplan [Fri, 17 Oct 2014 10:08:29 +0000 (12:08 +0200)]
!SSLv3 damn it

6 years ago!SSLv3 damn it
Aaron Kaplan [Fri, 17 Oct 2014 09:56:15 +0000 (11:56 +0200)]
!SSLv3 damn it

6 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Fri, 17 Oct 2014 09:47:46 +0000 (11:47 +0200)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

6 years agocore presentation hack.lu
David Durvaux [Wed, 15 Oct 2014 16:35:19 +0000 (18:35 +0200)]
core presentation hack.lu

6 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Thu, 9 Oct 2014 09:09:19 +0000 (11:09 +0200)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

6 years agominor changes
Aaron Kaplan [Thu, 9 Oct 2014 09:09:06 +0000 (11:09 +0200)]
minor changes

6 years agoMerge pull request #73 from oe1rfc/master
Aaron Zauner [Mon, 6 Oct 2014 00:17:08 +0000 (02:17 +0200)]
Merge pull request #73 from oe1rfc/master

nginx/https-redirect: redirect to request domain, ditch regex

6 years agonginx/https-redirect: use return instead of rewrite regex, $host instead of $server_name
Clemens Hopfer [Sun, 5 Oct 2014 18:55:46 +0000 (20:55 +0200)]
nginx/https-redirect: use return instead of rewrite regex, $host instead of $server_name

6 years agoPush draft presentation for hack.lu
David Durvaux [Tue, 30 Sep 2014 19:37:36 +0000 (21:37 +0200)]
Push draft presentation for hack.lu

6 years agoMerge pull request #72 from oparoz/patch-2
Aaron Zauner [Sun, 28 Sep 2014 20:07:11 +0000 (22:07 +0200)]
Merge pull request #72 from oparoz/patch-2

Added 2 bash scripts

6 years agoAdded 2 bash scripts
Olivier Paroz [Fri, 26 Sep 2014 11:04:32 +0000 (13:04 +0200)]
Added 2 bash scripts

Those scripts use openssl to parse the data and present nice summaries.

```
linux $ ./cipherscan www.google.com:443
...................
prio  ciphersuite                  protocols                    pfs_keysize
1     ECDHE-RSA-CHACHA20-POLY1305  TLSv1.2                      ECDH,P-256,256bits
2     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                      ECDH,P-256,256bits
3     ECDHE-RSA-AES128-SHA         TLSv1.1,TLSv1.2              ECDH,P-256,256bits
4     ECDHE-RSA-RC4-SHA            SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
5     AES128-GCM-SHA256            TLSv1.2
6     AES128-SHA256                TLSv1.2
7     AES128-SHA                   TLSv1.1,TLSv1.2
8     RC4-SHA                      SSLv3,TLSv1,TLSv1.1,TLSv1.2
9     RC4-MD5                      SSLv3,TLSv1,TLSv1.1,TLSv1.2
10    ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                      ECDH,P-256,256bits
11    ECDHE-RSA-AES256-SHA384      TLSv1.2                      ECDH,P-256,256bits
12    ECDHE-RSA-AES256-SHA         SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
13    AES256-GCM-SHA384            TLSv1.2
14    AES256-SHA256                TLSv1.2
15    AES256-SHA                   SSLv3,TLSv1,TLSv1.1,TLSv1.2
16    ECDHE-RSA-DES-CBC3-SHA       SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
17    DES-CBC3-SHA                 SSLv3,TLSv1,TLSv1.1,TLSv1.2
18    ECDHE-RSA-AES128-SHA256      TLSv1.2                      ECDH,P-256,256bits

Certificate: trusted, 2048 bit, sha1WithRSAEncryption signature
```

and
https://cloud.githubusercontent.com/assets/8036727/4375481/a521aee8-433c-11e4-9c37-c48464da80a1.jpg

6 years agolighttpd: fix dh-file and ec-curve setting
Adi Kriegisch [Tue, 15 Jul 2014 09:17:33 +0000 (11:17 +0200)]
lighttpd: fix dh-file and ec-curve setting

6 years agoMerge pull request #68 from schwindp/patch-1
AaronK [Fri, 11 Jul 2014 12:33:07 +0000 (14:33 +0200)]
Merge pull request #68 from schwindp/patch-1

Update im.tex - Thanks for the typo fixing!

6 years agoUpdate im.tex
Peter Schwindt [Fri, 11 Jul 2014 12:21:29 +0000 (14:21 +0200)]
Update im.tex

Only fix some typos this time.

6 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Adi Kriegisch [Mon, 7 Jul 2014 19:26:07 +0000 (21:26 +0200)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

6 years agoconsens about 4096bit minimum bit length (implementation implemented)
Adi Kriegisch [Mon, 7 Jul 2014 19:25:40 +0000 (21:25 +0200)]
consens about 4096bit minimum bit length (implementation implemented)

6 years agochange apache rewrite to redirect
cm [Mon, 7 Jul 2014 18:00:27 +0000 (20:00 +0200)]
change apache rewrite to redirect

6 years agoTODO: Some links are bogus to the website instead of staying within the PDF.
Pepi Zawodsky [Sat, 21 Jun 2014 14:38:47 +0000 (16:38 +0200)]
TODO: Some links are bogus to the website instead of staying within the PDF.

6 years agoFix date in PDF
David Durvaux [Thu, 12 Jun 2014 11:18:02 +0000 (13:18 +0200)]
Fix date in PDF

6 years agoPresentation as done M3AAWG/31
David Durvaux [Thu, 12 Jun 2014 07:45:10 +0000 (09:45 +0200)]
Presentation as done M3AAWG/31

6 years agoAs done
David Durvaux [Mon, 9 Jun 2014 15:28:30 +0000 (17:28 +0200)]
As done

6 years agoAdding presentation for Thursday 12/06 - panel discussion
David Durvaux [Mon, 9 Jun 2014 11:01:14 +0000 (13:01 +0200)]
Adding presentation for Thursday 12/06 - panel discussion

6 years agoLast version (discussion with Aaron)
David Durvaux [Sun, 8 Jun 2014 22:08:58 +0000 (00:08 +0200)]
Last version (discussion with Aaron)

6 years agoAdd some comments for presenter ;)
David Durvaux [Sun, 8 Jun 2014 16:00:22 +0000 (18:00 +0200)]
Add some comments for presenter ;)

6 years agoFinal version for presentation
David Durvaux [Sat, 7 Jun 2014 08:53:03 +0000 (10:53 +0200)]
Final version for presentation

6 years agoFinal presentation for M3AWWG
David Durvaux [Fri, 6 Jun 2014 16:33:50 +0000 (18:33 +0200)]
Final presentation for M3AWWG

6 years agoMerge https://github.com/martin-rublik/Applied-Crypto-Hardening
Aaron Zauner [Fri, 6 Jun 2014 14:47:22 +0000 (16:47 +0200)]
Merge https://github.com/martin-rublik/Applied-Crypto-Hardening

6 years agoMerge https://github.com/krono/Applied-Crypto-Hardening
Aaron Zauner [Fri, 6 Jun 2014 14:44:43 +0000 (16:44 +0200)]
Merge https://github.com/krono/Applied-Crypto-Hardening

6 years agoFix glossaries on <tl2012
Tobias Pape [Wed, 4 Jun 2014 11:05:53 +0000 (13:05 +0200)]
Fix glossaries on <tl2012

xindy prior to 2013 does not handle missing \printglossaries
correctly, so switch to makeindex

6 years agoFix tex stuf as requested by TODO2
Tobias Pape [Tue, 3 Jun 2014 21:57:23 +0000 (23:57 +0200)]
Fix tex stuf as requested by TODO2

6 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Tue, 3 Jun 2014 20:47:38 +0000 (22:47 +0200)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

6 years agoignore the gloassary for now
Aaron Kaplan [Tue, 3 Jun 2014 20:47:05 +0000 (22:47 +0200)]
ignore the gloassary for now
make two pdflatex runs in order to have the refs done correctly

6 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
cm [Tue, 3 Jun 2014 20:41:07 +0000 (22:41 +0200)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

6 years agoupdates IANA cipher suites
cm [Tue, 3 Jun 2014 20:40:55 +0000 (22:40 +0200)]
updates IANA cipher suites

6 years agocomment out the chosing your own cipher section since it is not finished
Aaron Kaplan [Tue, 3 Jun 2014 20:40:26 +0000 (22:40 +0200)]
comment out the chosing your own cipher section since it is not finished

6 years agoAzet found a way to include the ephermeral handshakes which work in older openssl...
Aaron Kaplan [Tue, 3 Jun 2014 20:39:33 +0000 (22:39 +0200)]
Azet found a way to include the ephermeral handshakes which work in older openssl versions as well as in newer ones.
See also: http://lists.cert.at/pipermail/ach/2014-May/001355.html

6 years agoremove todo
Aaron Kaplan [Tue, 3 Jun 2014 20:12:18 +0000 (22:12 +0200)]
remove todo

6 years agorevert
Aaron Kaplan [Tue, 3 Jun 2014 20:11:56 +0000 (22:11 +0200)]
revert

6 years agoaccomodate for different latex output warnings about undefined refs
Aaron Kaplan [Tue, 3 Jun 2014 20:10:28 +0000 (22:10 +0200)]
accomodate for different latex output warnings about undefined refs

6 years agoreformulate
Aaron Kaplan [Tue, 3 Jun 2014 19:57:34 +0000 (21:57 +0200)]
reformulate

6 years agouploaded the dhparams to the web page /static/dhparams
Aaron Kaplan [Tue, 3 Jun 2014 19:56:40 +0000 (21:56 +0200)]
uploaded the dhparams to the web page /static/dhparams
Reference the URL from the PDF.

6 years agosame
Aaron Kaplan [Tue, 3 Jun 2014 19:43:18 +0000 (21:43 +0200)]
same

6 years agoseclayer_tcp will be commented out if nothing comes from the involved parties
Aaron Kaplan [Tue, 3 Jun 2014 19:42:31 +0000 (21:42 +0200)]
seclayer_tcp will be commented out if nothing comes from the involved parties

6 years agosquid is commented out for now until we know that it was tested
Aaron Kaplan [Tue, 3 Jun 2014 19:41:01 +0000 (21:41 +0200)]
squid is commented out for now until we know that it was tested

6 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Tue, 3 Jun 2014 19:38:30 +0000 (21:38 +0200)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

6 years agoremove \todos - >
Aaron Kaplan [Tue, 3 Jun 2014 19:38:12 +0000 (21:38 +0200)]
remove \todos - >
% XXX ask the author XXX

6 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
cm [Tue, 3 Jun 2014 19:22:32 +0000 (21:22 +0200)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

6 years agookay, we do need to add references to ejabberd
Aaron Kaplan [Tue, 3 Jun 2014 19:21:34 +0000 (21:21 +0200)]
okay, we do need to add references to ejabberd

6 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
cm [Tue, 3 Jun 2014 19:20:54 +0000 (21:20 +0200)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

6 years agoadded link to gutmanns x.509 text
cm [Tue, 3 Jun 2014 19:20:50 +0000 (21:20 +0200)]
added link to gutmanns x.509 text

6 years agoopenswan
Aaron Kaplan [Tue, 3 Jun 2014 19:10:20 +0000 (21:10 +0200)]
openswan

6 years agoIKE ike ike
Aaron Kaplan [Tue, 3 Jun 2014 18:58:48 +0000 (20:58 +0200)]
IKE ike ike

6 years agoctable is here
Aaron Kaplan [Tue, 3 Jun 2014 18:46:42 +0000 (20:46 +0200)]
ctable is here

6 years agonote to Wolfgang
Aaron Kaplan [Tue, 3 Jun 2014 18:19:17 +0000 (20:19 +0200)]
note to Wolfgang

6 years agotyposquatting
Aaron Kaplan [Tue, 3 Jun 2014 18:12:30 +0000 (20:12 +0200)]
typosquatting

6 years agoclarify wording
Aaron Kaplan [Tue, 3 Jun 2014 18:10:43 +0000 (20:10 +0200)]
clarify wording

6 years agonotes
Aaron Kaplan [Tue, 3 Jun 2014 18:04:04 +0000 (20:04 +0200)]
notes

6 years agoreformulate
Aaron Kaplan [Tue, 3 Jun 2014 18:00:19 +0000 (20:00 +0200)]
reformulate

6 years agotypo
Aaron Kaplan [Tue, 3 Jun 2014 17:58:57 +0000 (19:58 +0200)]
typo

6 years agofurhter clarify ECDSA/Schannel usage
Aaron Zauner [Tue, 3 Jun 2014 17:58:06 +0000 (19:58 +0200)]
furhter clarify ECDSA/Schannel usage

6 years agoMerge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Zauner [Tue, 3 Jun 2014 17:51:57 +0000 (19:51 +0200)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master

6 years agoclarify SChannel ciphersuite use by microsoft
Aaron Zauner [Tue, 3 Jun 2014 17:51:49 +0000 (19:51 +0200)]
clarify SChannel ciphersuite use by microsoft

6 years agotypo
Aaron Kaplan [Tue, 3 Jun 2014 17:45:00 +0000 (19:45 +0200)]
typo
document what we are still missing in the testing part

6 years agoadd guttman's references
Aaron Kaplan [Tue, 3 Jun 2014 17:41:57 +0000 (19:41 +0200)]
add guttman's references

6 years agoclarify in the beginning what we mean by cipherstring A and B
Aaron Kaplan [Tue, 3 Jun 2014 17:34:28 +0000 (19:34 +0200)]
clarify in the beginning what we mean by cipherstring A and B

6 years agonotes from todo
Aaron Kaplan [Tue, 3 Jun 2014 17:21:14 +0000 (19:21 +0200)]
notes from todo

6 years agoglossary example removed from the final release
Aaron Kaplan [Tue, 3 Jun 2014 17:18:29 +0000 (19:18 +0200)]
glossary example removed from the final release