Aaron Zauner [Sun, 13 Apr 2014 13:33:07 +0000 (15:33 +0200)]
Merge pull request #58 from shotty1/patch-1
Corrected Syntax on STS
shotty1 [Sat, 12 Apr 2014 17:16:34 +0000 (19:16 +0200)]
Corrected Syntax on STS
Syntax was missing "" for STS including subdomains.
Tested with Apache 2.2.22 against OpenSSL 1.0.1e, Debian Wheezy
Aaron Zauner [Sat, 12 Apr 2014 16:31:08 +0000 (18:31 +0200)]
Merge pull request #57 from mirbach/master
MS IIS Config & Test
Andreas Mirbach [Fri, 11 Apr 2014 13:06:17 +0000 (15:06 +0200)]
IIS Config & Test
I tested Cipher String B agains all supported versions of Windows and
related Internet Explorer Versions. Its gone work. Yeay
Tobias Pape [Sun, 6 Apr 2014 22:18:44 +0000 (00:18 +0200)]
Silly me. Adapt Makefile for index
Tobias Pape [Sun, 6 Apr 2014 20:40:58 +0000 (22:40 +0200)]
Add local glossaries package to avoid errors
Tobias Pape [Fri, 17 Jan 2014 15:46:37 +0000 (16:46 +0100)]
typo in md
Tobias Pape [Fri, 17 Jan 2014 14:22:11 +0000 (15:22 +0100)]
A short helper on how to use _acronyms_, _glossary entries_, and the _index_.
Tobias Pape [Fri, 17 Jan 2014 10:30:09 +0000 (11:30 +0100)]
Example usage
Tobias Pape [Fri, 17 Jan 2014 10:27:20 +0000 (11:27 +0100)]
Enable glossaries for a Glossary, Acronyms, and Index
Aaron Zauner [Sat, 5 Apr 2014 18:17:05 +0000 (20:17 +0200)]
Merge https://github.com/BetterCrypto/Applied-Crypto-Hardening
Conflicts:
src/practical_settings/ssh.tex
Aaron Zauner [Sat, 5 Apr 2014 17:59:21 +0000 (19:59 +0200)]
Merge pull request #55 from krono/configfiles-and-latex
Configfiles and latex
Aaron Zauner [Sat, 5 Apr 2014 17:31:15 +0000 (19:31 +0200)]
Merge https://github.com/BetterCrypto/Applied-Crypto-Hardening
Aaron Zauner [Sat, 5 Apr 2014 17:31:08 +0000 (19:31 +0200)]
Merge pull request #52 from bong0/master
I hopefully clarified what my report cipher name deprecation is about
Aaron Zauner [Sat, 5 Apr 2014 17:16:05 +0000 (19:16 +0200)]
exlude IDEA cipher
IDEA is known for weak keys. it is a valid fallback option on openssl =< 0.9.7
cm [Fri, 4 Apr 2014 15:52:00 +0000 (17:52 +0200)]
add sshd -t hint to ssh section
Tobias Dussa [Mon, 31 Mar 2014 14:20:59 +0000 (16:20 +0200)]
Added talk at DFN-Betriebstagung 2014.
Tobias Pape [Tue, 25 Mar 2014 16:54:55 +0000 (17:54 +0100)]
Actually strip an image
Tobias Pape [Tue, 25 Mar 2014 16:46:23 +0000 (17:46 +0100)]
Simplify an image
Tobias Pape [Tue, 25 Mar 2014 02:59:49 +0000 (03:59 +0100)]
Split configfiles out of TeX document.
This gives us the possibilty to give complete, downloadable
examles; All config files are linked to a modifieable URL,
the default being https://bettercrypto.org/static/configuration/...
Next step: replace ciphersuite automatically in those config files?
Most configfiles are based on their Debian Wheezy, sometime Jessie,
defaults.
Tobias Pape [Tue, 25 Mar 2014 02:51:04 +0000 (03:51 +0100)]
Nicer tables
Tobias Pape [Tue, 25 Mar 2014 02:46:58 +0000 (03:46 +0100)]
Use OpenSans and SourceCode Pro from our own texmf
We pick it up automatically in the Makefile
Tobias Pape [Tue, 25 Mar 2014 02:24:36 +0000 (03:24 +0100)]
Make it easier to select draft/final
Ulrich [Mon, 24 Mar 2014 11:43:28 +0000 (12:43 +0100)]
Subsection disappeared. Bugfix
Aaron Zauner [Sun, 23 Mar 2014 23:56:42 +0000 (00:56 +0100)]
Merge pull request #54 from nagua/OpenSSH-Curve25519
OpenSSH 6.6p1 Ciphers, MAC, Kex changes
Nicolas Riebesel [Sun, 23 Mar 2014 22:58:30 +0000 (23:58 +0100)]
Added myself to Acknowledgements
Nicolas Riebesel [Sun, 23 Mar 2014 22:46:28 +0000 (23:46 +0100)]
OpenSSH 6.6p1 Ciphers, MAC, Kex changes
* New tested configuration for OpenSSH 6.6p1
* Added curve25519-sha256@libssh.org to KexAlgorithms (6.6p1)
* Added chacha20-poly1305@openssh.com to Ciphers (6.6p1)
* Added umac-128-etm@openssh.com and hmac-ripemd160 to MAC (6.6p1)
Aaron Kaplan [Mon, 3 Mar 2014 19:20:21 +0000 (19:20 +0000)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 3 Mar 2014 19:20:04 +0000 (19:20 +0000)]
make a note on RSA
Pepi Zawodsky [Thu, 27 Feb 2014 21:59:44 +0000 (22:59 +0100)]
Suggestion: Add SSL/TLS versions supported by MS IIS
Adi Kriegisch [Tue, 25 Feb 2014 08:49:49 +0000 (09:49 +0100)]
removed Opera 17 from the list of supported browsers for Cipher A (thanks interfaSys Sàrl for testing)
Adi Kriegisch [Mon, 24 Feb 2014 17:28:44 +0000 (18:28 +0100)]
fixed CipherA compatibility (thanks interfaSys Sàrl) and added a reference to choosing ones own cipher suite
Aaron Zauner [Sun, 23 Feb 2014 19:44:31 +0000 (20:44 +0100)]
add Alexander Würstlein to authors, we'll need references to affiliation with superscript or similar soon
Adi Kriegisch [Mon, 17 Feb 2014 23:08:17 +0000 (00:08 +0100)]
created a new old clients subsection for web servers and moved config hints in there
Aaron Zauner [Fri, 14 Feb 2014 17:19:38 +0000 (18:19 +0100)]
merging kerberos pull req. by @arwarw via github
Alexander Wuerstlein [Fri, 14 Feb 2014 16:33:54 +0000 (17:33 +0100)]
listlisting is wrong
Alexander Wuerstlein [Fri, 14 Feb 2014 16:18:49 +0000 (17:18 +0100)]
typo: one more comma and an unescaped #
Alexander Wuerstlein [Fri, 14 Feb 2014 15:44:01 +0000 (16:44 +0100)]
typo: missing commata
Alexander Wuerstlein [Fri, 14 Feb 2014 15:42:04 +0000 (16:42 +0100)]
typo: missing string name in security.bib
Aaron Kaplan [Fri, 14 Feb 2014 13:45:59 +0000 (14:45 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Fri, 14 Feb 2014 13:45:05 +0000 (14:45 +0100)]
add presentations from the TF-CSIRT TERENA meeting
Alexander Wuerstlein [Thu, 13 Feb 2014 23:46:26 +0000 (00:46 +0100)]
Bibtex all urls included in comments
cm [Wed, 12 Feb 2014 19:31:57 +0000 (20:31 +0100)]
postfix master.cf: remove spaces
Pepi Zawodsky [Wed, 12 Feb 2014 18:25:17 +0000 (19:25 +0100)]
Added StartTLS.info website for mail servers.
Aaron Kaplan [Wed, 12 Feb 2014 10:49:55 +0000 (11:49 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Wed, 12 Feb 2014 10:49:45 +0000 (11:49 +0100)]
add some notes
Aaron Zauner [Wed, 12 Feb 2014 08:26:03 +0000 (09:26 +0100)]
Merge pull request #53 from hansenerd/master
fix nginx Strict-Transport-Security example directive.
Christoph Gebhardt [Tue, 11 Feb 2014 23:02:28 +0000 (00:02 +0100)]
fix nginx Strict-Transport-Security example directive.
Pepi Zawodsky [Tue, 11 Feb 2014 19:26:56 +0000 (20:26 +0100)]
Added more details to the OpenVPN warnings.
Julian [Tue, 11 Feb 2014 19:21:57 +0000 (20:21 +0100)]
fixed typo
Julian [Tue, 11 Feb 2014 19:21:21 +0000 (20:21 +0100)]
added clarification on openvpn deprecation messages
Pepi Zawodsky [Tue, 11 Feb 2014 18:41:42 +0000 (19:41 +0100)]
Added bug report by @bong0 for OpenVPN 2.3.2
Viktor Szakats [Wed, 5 Feb 2014 20:04:30 +0000 (21:04 +0100)]
more URLs converted to https
removed duplicate link to http://checktls.com in command-line tool section
openssl.net -> openssl.org + https
Adi Kriegisch [Mon, 3 Feb 2014 22:59:35 +0000 (23:59 +0100)]
added 'SSLStrictSNIVHostCheck off' to Apache SNI trick section
Adi Kriegisch [Mon, 3 Feb 2014 22:45:08 +0000 (23:45 +0100)]
fix 'typo'
Adi Kriegisch [Mon, 3 Feb 2014 22:36:48 +0000 (23:36 +0100)]
added SNI trick to catch old browsers (apache)
Adi Kriegisch [Mon, 3 Feb 2014 21:30:20 +0000 (22:30 +0100)]
added SNI trick to catch old browsers (nginx)
Aaron Zauner [Mon, 3 Feb 2014 11:06:03 +0000 (12:06 +0100)]
added tinc as per push request on GitHub by VanNostrand - reformatted to our TeX layout, got rid of text that won\'t make sense in the paper (openssl stuff, already mentioned a lot in the paper)
Aaron Zauner [Mon, 3 Feb 2014 10:36:27 +0000 (02:36 -0800)]
Merge pull request #48 from vszakats/use-more-https-urls
use https for all IETF URLs
Aaron Zauner [Mon, 3 Feb 2014 10:33:41 +0000 (02:33 -0800)]
Merge pull request #49 from berq/master
DBs.tex TODO
Alexander Wuerstlein [Sun, 2 Feb 2014 19:49:19 +0000 (20:49 +0100)]
Fix copy&paste error
Alexander Wuerstlein [Sun, 2 Feb 2014 19:47:38 +0000 (20:47 +0100)]
Fix copy&paste error
Alexander Wuerstlein [Sun, 2 Feb 2014 19:38:27 +0000 (20:38 +0100)]
Change "other protocols" to infrastructure recomm.
Give more general advice on a wider range of problems.
Changes suggested by pforai and azet.
Alexander Wuerstlein [Sun, 2 Feb 2014 19:37:45 +0000 (20:37 +0100)]
remark on passwords
Alexander Wuerstlein [Sun, 2 Feb 2014 19:27:57 +0000 (20:27 +0100)]
Change "other protocols" section to more general infrastructure recommendations
Alexander Wuerstlein [Sun, 2 Feb 2014 19:26:15 +0000 (20:26 +0100)]
Change "other protocols" section to more general infrastructure recommendations
berq [Thu, 30 Jan 2014 19:02:39 +0000 (20:02 +0100)]
s/IMB/IBM/
berq [Thu, 30 Jan 2014 18:58:37 +0000 (19:58 +0100)]
Done the things in the todo.md
Viktor Szakats [Thu, 30 Jan 2014 13:19:29 +0000 (14:19 +0100)]
use https for all IETF URLs
Pepi Zawodsky [Wed, 29 Jan 2014 20:09:52 +0000 (21:09 +0100)]
Added task for improving the wording of the mailing list site
Aaron Kaplan [Mon, 27 Jan 2014 09:09:15 +0000 (10:09 +0100)]
exclude ICS systems
Pepi Zawodsky [Tue, 21 Jan 2014 23:58:04 +0000 (00:58 +0100)]
TODO Bugfix: Apache should recommend redirect instead of rewrite.
Aaron Kaplan [Tue, 21 Jan 2014 00:29:26 +0000 (01:29 +0100)]
rm -f is as good as if [ -f ... ] ; then rm ...
Aaron Kaplan [Mon, 20 Jan 2014 23:26:54 +0000 (00:26 +0100)]
Merge branch 'master' of github.com:sebix/Applied-Crypto-Hardening into sebix-master
Aaron Kaplan [Mon, 20 Jan 2014 23:23:52 +0000 (00:23 +0100)]
Revert "Updated make clean to prevent incorrect failures"
This reverts commit
4a5f09431ac311fd13a553e03cf534903467daee.
Aaron Kaplan [Mon, 20 Jan 2014 23:21:10 +0000 (00:21 +0100)]
notes
Aaron Kaplan [Mon, 20 Jan 2014 22:21:23 +0000 (23:21 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Mon, 20 Jan 2014 22:21:11 +0000 (23:21 +0100)]
notes
Pepi Zawodsky [Mon, 20 Jan 2014 21:03:16 +0000 (22:03 +0100)]
Updated make clean to prevent incorrect failures
Aaron Kaplan [Mon, 20 Jan 2014 20:38:05 +0000 (21:38 +0100)]
notes
Aaron Kaplan [Mon, 20 Jan 2014 20:21:33 +0000 (21:21 +0100)]
keep notes
Aaron Kaplan [Mon, 20 Jan 2014 19:25:29 +0000 (20:25 +0100)]
don't forget things we said during the meeting. put it into TODO.md
Aaron Kaplan [Mon, 20 Jan 2014 18:53:16 +0000 (19:53 +0100)]
add feedback by Tobias pape
sebix [Mon, 20 Jan 2014 17:44:08 +0000 (18:44 +0100)]
Spell checking (used aspell, and dict.cc and wikipedia for reference)
sebix [Mon, 20 Jan 2014 17:41:57 +0000 (18:41 +0100)]
warning in SSH-section about connection problems (has also been requested on mailinglist)
Alexander Wuerstlein [Sun, 19 Jan 2014 13:36:22 +0000 (14:36 +0100)]
Merge branch 'master' into kerberos
Conflicts:
src/practical_settings/kerberos.tex
sebix [Sat, 18 Jan 2014 21:22:06 +0000 (22:22 +0100)]
Adjusting listing box margin, was too for using texlive 2013, I had 2012
sebix [Fri, 17 Jan 2014 21:53:37 +0000 (22:53 +0100)]
Revert paragraphDiamond
sebix [Fri, 17 Jan 2014 11:02:48 +0000 (12:02 +0100)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening
and adjust the LaTeX code
Conflicts:
src/practical_settings/mailserver.tex
src/practical_settings/vpn.tex
Aaron Zauner [Fri, 17 Jan 2014 10:09:05 +0000 (02:09 -0800)]
Merge pull request #46 from oglueck/master
add Openswan
Ortwin Glück [Thu, 16 Jan 2014 16:16:09 +0000 (17:16 +0100)]
add Openswan
cm [Thu, 16 Jan 2014 14:09:57 +0000 (15:09 +0100)]
postfix: docs are wrong, loglevel must be >= 1
sebix [Sat, 11 Jan 2014 21:43:03 +0000 (22:43 +0100)]
Add information on ECDH-params for lighttpd
sebix [Sat, 11 Jan 2014 21:41:58 +0000 (22:41 +0100)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening
Aaron Kaplan [Sat, 11 Jan 2014 21:11:44 +0000 (22:11 +0100)]
minor change
Aaron Kaplan [Sat, 11 Jan 2014 21:10:33 +0000 (22:10 +0100)]
rename TODO.txt to TODO.md so that it is easier to read on github
sebix [Sat, 11 Jan 2014 21:03:56 +0000 (22:03 +0100)]
Correct merge Error: nginx: "as long as they are > 1024 bits"
sebix [Sat, 11 Jan 2014 20:24:55 +0000 (21:24 +0100)]
Merge remote-tracking branch 'upstream/master'
Aaron Kaplan [Sat, 11 Jan 2014 19:03:57 +0000 (20:03 +0100)]
Merge branch 'master' of https://git.bettercrypto.org/ach-master
Aaron Kaplan [Sat, 11 Jan 2014 19:03:35 +0000 (20:03 +0100)]
note about feedback: explain compression
git.bettercrypto.org / ach-master.git / log