ach-master.git
Sebastian Wagner [Sun, 5 Apr 2015 19:28:54 +0000 (21:28 +0200)]
tested with ubuntu 14.04

Aaron Zauner [Tue, 7 Apr 2015 09:38:11 +0000 (11:38 +0200)]
Merge pull request #104 from sebix/explain-postfix

Explain postfix settings for s2s & s2c connections

Aaron Zauner [Tue, 7 Apr 2015 09:33:09 +0000 (11:33 +0200)]
Merge pull request #102 from sebix/ignoretmp

gitignore: ignore temporary files *~

Sebastian Wagner [Mon, 6 Apr 2015 15:35:25 +0000 (17:35 +0200)]
Explain postfix settings for s2s & s2c connections

As discussed in BetterCrypto/Applied-Crypto-Hardening#97

Sebastian Wagner [Sun, 5 Apr 2015 20:15:12 +0000 (22:15 +0200)]
Uncovered software and more for further research

Added some applications to the list of uncovered software, mainly inspired by messages on the mailing list
Removed some applications from the same list which are definitely not in the scope of this paper
And added a new section of uncovered software, with a short note on the reason

Sebastian Wagner [Sun, 5 Apr 2015 20:00:56 +0000 (22:00 +0200)]
gitignore: ignore temporary files *~

Christian Mehlmauer [Sun, 5 Apr 2015 08:09:21 +0000 (10:09 +0200)]
fix undefined reference J_BLACKHAT

Christian Mehlmauer [Sat, 4 Apr 2015 20:37:35 +0000 (22:37 +0200)]
change nginx config to $server_name

Christian Mehlmauer [Mon, 30 Mar 2015 15:12:23 +0000 (17:12 +0200)]
Don't use the $host variable in NGINX, it's user supplied data (HOST header)

Christian Mehlmauer [Mon, 30 Mar 2015 15:06:19 +0000 (17:06 +0200)]
add OpenSSH tested version

Pepi Zawodsky [Mon, 30 Mar 2015 00:48:26 +0000 (02:48 +0200)]
If there is a red line under it, check the speling.

Aaron Kaplan [Sun, 29 Mar 2015 20:48:10 +0000 (22:48 +0200)]
add picture back, but small

Aaron Kaplan [Sun, 29 Mar 2015 20:45:12 +0000 (22:45 +0200)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening

Aaron Kaplan [Sun, 29 Mar 2015 20:44:56 +0000 (22:44 +0200)]
Revert "fix image"
Take Pepi's version

This reverts commit 05faee9d935736df4ebb9b03000eea99a1847861.

Aaron Kaplan [Sun, 29 Mar 2015 20:44:41 +0000 (22:44 +0200)]
fix image

Pepi Zawodsky [Sun, 29 Mar 2015 20:41:35 +0000 (22:41 +0200)]
Removed Klaus Landefeld picture. Corrected Logo Link for cover slide.

Aaron Kaplan [Sun, 29 Mar 2015 20:37:01 +0000 (22:37 +0200)]
oops

Pepi Zawodsky [Sun, 29 Mar 2015 20:35:56 +0000 (22:35 +0200)]
Merge branch 'master' of github:BetterCrypto/Applied-Crypto-Hardening

Pepi Zawodsky [Sun, 29 Mar 2015 20:35:50 +0000 (22:35 +0200)]
Added Klaus Landefeld quote about End-to-End crypto.

Aaron Kaplan [Sun, 29 Mar 2015 20:35:06 +0000 (22:35 +0200)]
add brainstorming slide

Aaron Kaplan [Sun, 29 Mar 2015 20:21:49 +0000 (22:21 +0200)]
clarify DANE

Aaron Kaplan [Sun, 29 Mar 2015 20:18:44 +0000 (22:18 +0200)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening

Aaron Kaplan [Sun, 29 Mar 2015 20:18:22 +0000 (22:18 +0200)]
remove some slides at the end

Pepi Zawodsky [Sun, 29 Mar 2015 20:17:00 +0000 (22:17 +0200)]
Recommend OCSP stapling

Aaron Kaplan [Sun, 29 Mar 2015 20:14:00 +0000 (22:14 +0200)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening

Aaron Kaplan [Sun, 29 Mar 2015 20:13:48 +0000 (22:13 +0200)]
add sslyze & screenshots

Pepi Zawodsky [Sun, 29 Mar 2015 20:11:46 +0000 (22:11 +0200)]
Added VM recommendation for RNGs and caveat for cipher strings.

Pepi Zawodsky [Sun, 29 Mar 2015 20:02:31 +0000 (22:02 +0200)]
less defensive status statement.

Pepi Zawodsky [Sun, 29 Mar 2015 19:57:00 +0000 (21:57 +0200)]
Changed filename of SSLLas screenshot so LaTeX will not be confused by extension parsing.

Pepi Zawodsky [Sun, 29 Mar 2015 19:47:55 +0000 (21:47 +0200)]
Merge branch 'master' of github:BetterCrypto/Applied-Crypto-Hardening

Pepi Zawodsky [Sun, 29 Mar 2015 19:47:48 +0000 (21:47 +0200)]
Updated Screenshot for SSLLabs. Disable RC4.

Aaron Kaplan [Sun, 29 Mar 2015 19:45:08 +0000 (21:45 +0200)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening

Aaron Kaplan [Sun, 29 Mar 2015 19:44:11 +0000 (21:44 +0200)]
add slides with questions for organisations how they can
achieve crypto deployment agility

Pepi Zawodsky [Sun, 29 Mar 2015 19:42:32 +0000 (21:42 +0200)]
Added new screenshot for SSLLabs test for bettercrypto.org

Pepi Zawodsky [Sun, 29 Mar 2015 19:23:07 +0000 (21:23 +0200)]
Changed date format to ISO8601

Aaron Kaplan [Sun, 29 Mar 2015 19:00:45 +0000 (21:00 +0200)]
add license

Aaron Kaplan [Sun, 29 Mar 2015 18:58:38 +0000 (20:58 +0200)]
initial slide deck for trainings

Aaron Zauner [Mon, 16 Mar 2015 16:08:46 +0000 (17:08 +0100)]
add comment on openvpn duplexing

Aaron Zauner [Mon, 16 Mar 2015 15:54:20 +0000 (16:54 +0100)]
Revert "comment-out OpenVPN, see GitHub #91"

This reverts commit 7b6fd17814acdbb2304ca3e84e99b02fe919abe6.

Aaron Zauner [Sat, 7 Mar 2015 16:25:15 +0000 (17:25 +0100)]
Merge pull request #99 from shotty1/master

Added -sha256 for generating keys

shotty1 [Sat, 7 Mar 2015 11:24:47 +0000 (12:24 +0100)]
Added -sha256 for generating keys

Please check if this is OK. It improved the ssllabs results for me, removing the warning about SHA1.

Aaron Zauner [Wed, 18 Feb 2015 18:45:16 +0000 (19:45 +0100)]
comment-out OpenVPN, see GitHub #91

Aaron Zauner [Wed, 18 Feb 2015 18:37:43 +0000 (19:37 +0100)]
Merge pull request #95 from sebix/cherokee-webserver

Adding section for cherokee webserver

Aaron Zauner [Wed, 18 Feb 2015 18:37:19 +0000 (19:37 +0100)]
Merge pull request #94 from sebix/stunnel

Adding stunnel section to proxies

Aaron Zauner [Wed, 18 Feb 2015 18:34:40 +0000 (19:34 +0100)]
Merge pull request #96 from BetterCrypto/revert-80-master

Revert "Adding prosody"

Aaron Zauner [Wed, 18 Feb 2015 18:34:30 +0000 (19:34 +0100)]
Revert "Adding prosody"

Sebastian Wagner [Wed, 18 Feb 2015 11:12:42 +0000 (12:12 +0100)]
Adding section for cherokee webserver

Sebastian Wagner [Fri, 13 Feb 2015 09:42:23 +0000 (10:42 +0100)]
Adding stunnel section to proxies

Aaron Zauner [Fri, 13 Feb 2015 06:49:29 +0000 (07:49 +0100)]
Merge pull request #92 from sebix/master

Add certificate chain files to configs of apache and lighttpd

Aaron Zauner [Fri, 13 Feb 2015 06:49:10 +0000 (07:49 +0100)]
Merge pull request #93 from 2001db8/master

Corrected the link for the SSL Labs Best Practices Guide

Jens Roesen [Fri, 6 Feb 2015 14:32:25 +0000 (15:32 +0100)]
Corrected link for SSL Labs Best Practices Guide

Link was 404. Changed it for a working one pointing to version 1.3 of
the guide.

Aaron Zauner [Sat, 24 Jan 2015 23:06:57 +0000 (00:06 +0100)]
Merge pull request #83 from DigNative/pdfmapfile

Modifying `\pdfmapfile' modifiers to not issue warnings on duplicate font map entries anymore.

Aaron Zauner [Sat, 24 Jan 2015 23:06:47 +0000 (00:06 +0100)]
Merge pull request #85 from DigNative/neboltai-jpg

File `neboltai.png` is actually a JPG file.

Aaron Zauner [Sat, 24 Jan 2015 23:04:59 +0000 (00:04 +0100)]
Merge pull request #84 from DigNative/ignore-configfiles

Adding `/src/configfiles.txt` to ignore list.

Sebastian Wagner [Sat, 24 Jan 2015 13:00:08 +0000 (14:00 +0100)]
Add cert chains for apache and lighttpd

Max Maass [Thu, 8 Jan 2015 11:43:44 +0000 (12:43 +0100)]
Forgot to remove one off-topic section, changed formatting.

Max Maass [Thu, 8 Jan 2015 11:40:40 +0000 (12:40 +0100)]
Added info about another tested distro, and removed some off-topic parts

Max Maass [Wed, 7 Jan 2015 21:05:48 +0000 (22:05 +0100)]
Re-added old config, restructured config files into subfolders

Max Maass [Wed, 7 Jan 2015 20:40:54 +0000 (21:40 +0100)]
Removed unnecessary explanation.

Max Maass [Wed, 7 Jan 2015 20:34:06 +0000 (21:34 +0100)]
Changed cipher string to more compatible set of recommendations from the guide

Max Maass [Wed, 7 Jan 2015 17:20:31 +0000 (18:20 +0100)]
Changed the references section to also print the URL.

Max Maass [Wed, 7 Jan 2015 17:16:19 +0000 (18:16 +0100)]
Changed ejabberd to new config file syntax and added information about more interesting settings.

Aaron Zauner [Fri, 12 Dec 2014 20:25:54 +0000 (21:25 +0100)]
Merge pull request #87 from julianladisch/Header-always-add

HSTS Apache: Header always add/set

julianladisch [Fri, 12 Dec 2014 15:46:21 +0000 (16:46 +0100)]
HSTS Apache: Header always add/set

Add "always" as Redirections and "Forbidden" pages should also get HSTS:
https://httpd.apache.org/docs/2.4/mod/mod_headers.html

Replace "add" by "set" to prevent adding a second HSTS field: "If an STS
header field is included, the HSTS Host MUST include only one such
header field." https://tools.ietf.org/html/rfc6797#section-7.1

Aaron Zauner [Fri, 12 Dec 2014 15:02:31 +0000 (16:02 +0100)]
Merge pull request #86 from julianladisch/Header-always-set

HSTS Apache: Header always set

julianladisch [Fri, 12 Dec 2014 14:58:02 +0000 (15:58 +0100)]
HSTS Apache: Header always set

Redirections and "Forbidden" pages should also get HSTS.

Aaron Zauner [Sun, 16 Nov 2014 15:34:57 +0000 (16:34 +0100)]
fixed path for prosody (#81)

Aaron Kaplan [Mon, 10 Nov 2014 19:50:41 +0000 (20:50 +0100)]
path was wrong

Aaron Kaplan [Mon, 10 Nov 2014 19:44:18 +0000 (20:44 +0100)]
removed the supporting older clients as requested by Adi.
Why? Because the POODLE killed it ;-)
Older clients which do not support SNI can't speak TLSv1.0 and above.
We don't support SSLv3 anymore anyway.

Aaron Kaplan [Mon, 10 Nov 2014 19:11:16 +0000 (20:11 +0100)]
Merge github.com:BetterCrypto/Applied-Crypto-Hardening

Aaron Kaplan [Mon, 10 Nov 2014 19:06:45 +0000 (20:06 +0100)]
minor

René Schwarz [Sat, 8 Nov 2014 22:26:21 +0000 (23:26 +0100)]
File `neboltai.png` is actually a JPG file.

A `file src/neboltai.png` reveals that this file is actually a JPG file:

    $ file neboltai.png
    neboltai.png: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1596x2225, frames 3

Changed extension accordingly.

René Schwarz [Sat, 8 Nov 2014 17:58:46 +0000 (18:58 +0100)]
Adding `/src/configfiles.txt` to ignore list.

The `/src/common/configfiles.tex` file creates the file `/src/configfiles.txt` during compilation, which is an auxiliary file containing all config files used/existing (I am not sure). However, this file should not be committed to the repository, as it is an auxiliary file created during compilation.

René Schwarz [Sat, 8 Nov 2014 17:46:11 +0000 (18:46 +0100)]
Modifying `\pdfmapfile' modifiers to not issue warnings on duplicate font map entries anymore.

When trying to compile the document on a Windows machine using latest MiKTeX and recent versions of all LaTeX packages included in the full installation, one can notice around 150 warnings thrown because the `system.tex' file contains two lines to include the font map files of `SourceCodePro' and `opensans' using the `\pdfmapfile' command. Because the modifier `+' is used, warnings are thrown for each font map which is already included by default for the document.

IMHO it is better to use the `=' modifier, which changes the behavior a little bit: The `+' modifier reads the specified font map and ignores all duplicate font map entries (a warning is issued), while the `=' modifier reads the specified font map and replaces matching font map entries with the new entries (no warning issued). I think this is the desired behavior.

For additional information refer to the PDFTeX documentation (`pdftex-a.pdf', r655 as of November 23, 2010) on pages 24 et seq.

Aaron Zauner [Thu, 6 Nov 2014 19:09:23 +0000 (20:09 +0100)]
remove tlsv1 exclusion

AaronK [Thu, 6 Nov 2014 06:19:01 +0000 (07:19 +0100)]
Merge pull request #82 from stasic/patch-3

added ubuntu 14.10

Arsen Stasic [Wed, 5 Nov 2014 19:49:25 +0000 (20:49 +0100)]
added ubuntu 14.10

Aaron Zauner [Wed, 5 Nov 2014 13:38:12 +0000 (14:38 +0100)]
Merge pull request #80 from MeikoDis/master

Adding prosody

MeikoDis [Wed, 5 Nov 2014 13:31:03 +0000 (13:31 +0000)]
Text adjusted.

MeikoDis [Wed, 5 Nov 2014 09:44:28 +0000 (09:44 +0000)]
Recommended Cipherstring

MeikoDis [Wed, 5 Nov 2014 00:08:38 +0000 (00:08 +0000)]
RC4, SHA1 and MD5

MeikoDis [Wed, 5 Nov 2014 00:03:42 +0000 (00:03 +0000)]
Correction2

MeikoDis [Tue, 4 Nov 2014 23:59:38 +0000 (23:59 +0000)]
Correction

MeikoDis [Tue, 4 Nov 2014 23:54:14 +0000 (23:54 +0000)]
Ciphers, curve and depth added

MeikoDis [Tue, 4 Nov 2014 22:53:43 +0000 (22:53 +0000)]
Merge branch 'master' of github.com:MeikoDis/Applied-Crypto-Hardening

Aaron Zauner [Sun, 2 Nov 2014 00:00:35 +0000 (01:00 +0100)]
Merge https://github.com/BetterCrypto/Applied-Crypto-Hardening

Aaron Zauner [Sun, 2 Nov 2014 00:00:29 +0000 (01:00 +0100)]
Merge pull request #77 from DigNative/master

Document did not compile under Windows, typo fixes

Aaron Zauner [Sat, 1 Nov 2014 23:59:51 +0000 (00:59 +0100)]
Merge https://github.com/DigNative/Applied-Crypto-Hardening

Aaron Zauner [Sat, 1 Nov 2014 23:58:28 +0000 (00:58 +0100)]
Merge pull request #78 from chdorb/patch-1

Update webserver.tex

Aaron Zauner [Sat, 1 Nov 2014 23:57:51 +0000 (00:57 +0100)]
Merge pull request #70 from blakefrantz/master

fixed small typos in IIS section

Aaron Zauner [Sat, 1 Nov 2014 23:56:23 +0000 (00:56 +0100)]
Merge pull request #71 from oparoz/patch-1

Wrong verb for HSTS header

AaronK [Tue, 28 Oct 2014 22:57:00 +0000 (23:57 +0100)]
Merge pull request #79 from stasic/patch-2

added freebsd 10
Thx Arsen!

Arsen Stasic [Tue, 28 Oct 2014 21:23:21 +0000 (22:23 +0100)]
added freebsd 10

added ssh signature for freebsd 10

chdorb [Thu, 23 Oct 2014 12:33:23 +0000 (14:33 +0200)]
Update webserver.tex

Just a little lack of conjugation.

David Durvaux [Wed, 22 Oct 2014 07:37:15 +0000 (09:37 +0200)]
Change email address

Aaron Zauner [Tue, 21 Oct 2014 08:10:35 +0000 (10:10 +0200)]
add all the things

Aaron Zauner [Tue, 21 Oct 2014 07:57:01 +0000 (09:57 +0200)]
add summary paper on curves progress within CFRG

Aaron Zauner [Tue, 21 Oct 2014 07:55:01 +0000 (09:55 +0200)]
add slides on IETF

Aaron Kaplan [Mon, 20 Oct 2014 22:26:48 +0000 (00:26 +0200)]
still minor modifications

Aaron Kaplan [Mon, 20 Oct 2014 22:12:36 +0000 (00:12 +0200)]
replace medical-test.jpg picture :)
minor changes to the text