Jens Roesen [Sat, 9 May 2015 15:08:22 +0000 (17:08 +0200)]
Minor edits
Jens Roesen [Sat, 9 May 2015 14:45:06 +0000 (16:45 +0200)]
Added name to acknowledgements
Jens Roesen [Sat, 9 May 2015 14:42:45 +0000 (16:42 +0200)]
Added IronPort Subsection
Aaron Kaplan [Fri, 8 May 2015 18:07:48 +0000 (20:07 +0200)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening
Aaron Kaplan [Fri, 8 May 2015 18:06:50 +0000 (20:06 +0200)]
minor corrections
Adi Kriegisch [Sun, 3 May 2015 11:07:05 +0000 (13:07 +0200)]
fix latex build (escape underscores in \emph)
Aaron Zauner [Thu, 9 Apr 2015 07:41:12 +0000 (09:41 +0200)]
Merge pull request #100 from FireFart/changes
remove $host variable, add some tested versions
Aaron Zauner [Tue, 7 Apr 2015 09:47:45 +0000 (11:47 +0200)]
Merge pull request #101 from sebix/tested-on-trusty
tested exim, postfix, dovecot and lighttpd with ubuntu 14.04
Aaron Zauner [Tue, 7 Apr 2015 09:47:04 +0000 (11:47 +0200)]
Merge pull request #103 from sebix/uncovered-sw
Uncovered software and more for further research
Sebastian Wagner [Sun, 5 Apr 2015 19:28:54 +0000 (21:28 +0200)]
tested with ubuntu 14.04
Aaron Zauner [Tue, 7 Apr 2015 09:38:11 +0000 (11:38 +0200)]
Merge pull request #104 from sebix/explain-postfix
Explain postfix settings for s2s & s2c connections
Aaron Zauner [Tue, 7 Apr 2015 09:33:09 +0000 (11:33 +0200)]
Merge pull request #102 from sebix/ignoretmp
gitignore: ignore temporary files *~
Sebastian Wagner [Mon, 6 Apr 2015 15:35:25 +0000 (17:35 +0200)]
Explain postfix settings for s2s & s2c connections
As discussed in BetterCrypto/Applied-Crypto-Hardening#97
Sebastian Wagner [Sun, 5 Apr 2015 20:15:12 +0000 (22:15 +0200)]
Uncovered software and more for further research
Added some applications to the list of uncovered software, mainly inspired by messages on the mailinglist
Removed some applications from the same list which are definitely not in the scope of this paper
And added a new section of uncovered software, with a short note on the reason
Sebastian Wagner [Sun, 5 Apr 2015 20:00:56 +0000 (22:00 +0200)]
gitignore: ignore temporary files *~
Christian Mehlmauer [Sun, 5 Apr 2015 08:09:21 +0000 (10:09 +0200)]
fix undefined reference J_BLACKHAT
Christian Mehlmauer [Sat, 4 Apr 2015 20:37:35 +0000 (22:37 +0200)]
change nginx config to $server_name
Christian Mehlmauer [Mon, 30 Mar 2015 15:12:23 +0000 (17:12 +0200)]
Don't use the $host variable in NGINX, it's user supplied data (HOST header)
Christian Mehlmauer [Mon, 30 Mar 2015 15:06:19 +0000 (17:06 +0200)]
add OpenSSH tested version
Pepi Zawodsky [Mon, 30 Mar 2015 00:48:26 +0000 (02:48 +0200)]
If there is a red line under it, check the speling.
Aaron Kaplan [Sun, 29 Mar 2015 20:48:10 +0000 (22:48 +0200)]
add picture back, but small
Aaron Kaplan [Sun, 29 Mar 2015 20:45:12 +0000 (22:45 +0200)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening
Aaron Kaplan [Sun, 29 Mar 2015 20:44:56 +0000 (22:44 +0200)]
Revert "fix image"
Take Pepi's version
This reverts commit 05faee9d935736df4ebb9b03000eea99a1847861.
Aaron Kaplan [Sun, 29 Mar 2015 20:44:41 +0000 (22:44 +0200)]
fix image
Pepi Zawodsky [Sun, 29 Mar 2015 20:41:35 +0000 (22:41 +0200)]
Removed Klaus Landefeld picture. Corrected Logo Link for cover slide.
Aaron Kaplan [Sun, 29 Mar 2015 20:37:01 +0000 (22:37 +0200)]
oops
Pepi Zawodsky [Sun, 29 Mar 2015 20:35:56 +0000 (22:35 +0200)]
Merge branch 'master' of github:BetterCrypto/Applied-Crypto-Hardening
Pepi Zawodsky [Sun, 29 Mar 2015 20:35:50 +0000 (22:35 +0200)]
Added Klaus Landefeld quote about End-to-End crypto.
Aaron Kaplan [Sun, 29 Mar 2015 20:35:06 +0000 (22:35 +0200)]
add brainstorming slide
Aaron Kaplan [Sun, 29 Mar 2015 20:21:49 +0000 (22:21 +0200)]
clarify DANE
Aaron Kaplan [Sun, 29 Mar 2015 20:18:44 +0000 (22:18 +0200)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening
Aaron Kaplan [Sun, 29 Mar 2015 20:18:22 +0000 (22:18 +0200)]
remove some slides at the end
Pepi Zawodsky [Sun, 29 Mar 2015 20:17:00 +0000 (22:17 +0200)]
Recommend OCSP stapling
Aaron Kaplan [Sun, 29 Mar 2015 20:14:00 +0000 (22:14 +0200)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening
Aaron Kaplan [Sun, 29 Mar 2015 20:13:48 +0000 (22:13 +0200)]
add sslyze & screenshots
Pepi Zawodsky [Sun, 29 Mar 2015 20:11:46 +0000 (22:11 +0200)]
Added VM recommendation for RNGs and caveat for cipher strings.
Pepi Zawodsky [Sun, 29 Mar 2015 20:02:31 +0000 (22:02 +0200)]
less defensive status statement.
Pepi Zawodsky [Sun, 29 Mar 2015 19:57:00 +0000 (21:57 +0200)]
Changed filename of SSLLabs screenshot so LaTeX will not be confused by extension parsing.
Pepi Zawodsky [Sun, 29 Mar 2015 19:47:55 +0000 (21:47 +0200)]
Merge branch 'master' of github:BetterCrypto/Applied-Crypto-Hardening
Pepi Zawodsky [Sun, 29 Mar 2015 19:47:48 +0000 (21:47 +0200)]
Updated Screenshot for SSLLabs. Disable RC4.
Aaron Kaplan [Sun, 29 Mar 2015 19:45:08 +0000 (21:45 +0200)]
Merge branch 'master' of github.com:BetterCrypto/Applied-Crypto-Hardening
Aaron Kaplan [Sun, 29 Mar 2015 19:44:11 +0000 (21:44 +0200)]
add slides with questions for organisations how they can
achieve crypto deployment agility
Pepi Zawodsky [Sun, 29 Mar 2015 19:42:32 +0000 (21:42 +0200)]
Added new screenshot for SSLLabs test for bettercrypto.org
Pepi Zawodsky [Sun, 29 Mar 2015 19:23:07 +0000 (21:23 +0200)]
Changed date format to ISO8601
Aaron Kaplan [Sun, 29 Mar 2015 19:00:45 +0000 (21:00 +0200)]
add license
Aaron Kaplan [Sun, 29 Mar 2015 18:58:38 +0000 (20:58 +0200)]
initial slide deck for trainings
Aaron Zauner [Mon, 16 Mar 2015 16:08:46 +0000 (17:08 +0100)]
add comment on openvpn duplexing
Aaron Zauner [Mon, 16 Mar 2015 15:54:20 +0000 (16:54 +0100)]
Revert "comment-out OpenVPN, see GitHub #91"
This reverts commit 7b6fd17814acdbb2304ca3e84e99b02fe919abe6.
Aaron Zauner [Sat, 7 Mar 2015 16:25:15 +0000 (17:25 +0100)]
Merge pull request #99 from shotty1/master
Added -sha256 for generating keys
shotty1 [Sat, 7 Mar 2015 11:24:47 +0000 (12:24 +0100)]
Added -sha256 for generating keys
Please check if this is OK. It improved the ssllabs results for me, removing the warning about SHA1.
Aaron Zauner [Wed, 18 Feb 2015 18:45:16 +0000 (19:45 +0100)]
comment-out OpenVPN, see GitHub #91
Aaron Zauner [Wed, 18 Feb 2015 18:37:43 +0000 (19:37 +0100)]
Merge pull request #95 from sebix/cherokee-webserver
Adding section for cherokee webserver
Aaron Zauner [Wed, 18 Feb 2015 18:37:19 +0000 (19:37 +0100)]
Merge pull request #94 from sebix/stunnel
Adding stunnel section to proxies
Aaron Zauner [Wed, 18 Feb 2015 18:34:40 +0000 (19:34 +0100)]
Merge pull request #96 from BetterCrypto/revert-80-master
Revert "Adding prosody"
Aaron Zauner [Wed, 18 Feb 2015 18:34:30 +0000 (19:34 +0100)]
Revert "Adding prosody"
Sebastian Wagner [Wed, 18 Feb 2015 11:12:42 +0000 (12:12 +0100)]
Adding section for cherokee webserver
Sebastian Wagner [Fri, 13 Feb 2015 09:42:23 +0000 (10:42 +0100)]
Adding stunnel section to proxies
Aaron Zauner [Fri, 13 Feb 2015 06:49:29 +0000 (07:49 +0100)]
Merge pull request #92 from sebix/master
Add certificate chain files to configs of apache and lighttpd
Aaron Zauner [Fri, 13 Feb 2015 06:49:10 +0000 (07:49 +0100)]
Merge pull request #93 from 2001db8/master
Corrected the link for the SSL Labs Best Practices Guide
Jens Roesen [Fri, 6 Feb 2015 14:32:25 +0000 (15:32 +0100)]
Corrected link for SSL Labs Best Practices Guide
Link was 404. Changed it for a working one pointing to version 1.3 of
the guide.
Aaron Zauner [Sat, 24 Jan 2015 23:06:57 +0000 (00:06 +0100)]
Merge pull request #83 from DigNative/pdfmapfile
Modifying `\pdfmapfile' modifiers to not issue warnings on duplicate font map entries anymore.
Aaron Zauner [Sat, 24 Jan 2015 23:06:47 +0000 (00:06 +0100)]
Merge pull request #85 from DigNative/neboltai-jpg
File `neboltai.png` is actually a JPG file.
Aaron Zauner [Sat, 24 Jan 2015 23:04:59 +0000 (00:04 +0100)]
Merge pull request #84 from DigNative/ignore-configfiles
Adding `/src/configfiles.txt` to ignore list.
Sebastian Wagner [Sat, 24 Jan 2015 13:00:08 +0000 (14:00 +0100)]
Add cert chains for apache and lighttpd
Aaron Zauner [Fri, 12 Dec 2014 20:25:54 +0000 (21:25 +0100)]
Merge pull request #87 from julianladisch/Header-always-add
HSTS Apache: Header always add/set
julianladisch [Fri, 12 Dec 2014 15:46:21 +0000 (16:46 +0100)]
HSTS Apache: Header always add/set
Add "always" as Redirections and "Forbidden" pages should also get HSTS:
https://httpd.apache.org/docs/2.4/mod/mod_headers.html
Replace "add" by "set" to prevent adding a second HSTS field: "If an STS
header field is included, the HSTS Host MUST include only one such
header field." https://tools.ietf.org/html/rfc6797#section-7.1
Aaron Zauner [Fri, 12 Dec 2014 15:02:31 +0000 (16:02 +0100)]
Merge pull request #86 from julianladisch/Header-always-set
HSTS Apache: Header always set
julianladisch [Fri, 12 Dec 2014 14:58:02 +0000 (15:58 +0100)]
HSTS Apache: Header always set
Redirections and "Forbidden" pages should also get HSTS.
Aaron Zauner [Sun, 16 Nov 2014 15:34:57 +0000 (16:34 +0100)]
fixed path for prosody (#81)
Aaron Kaplan [Mon, 10 Nov 2014 19:50:41 +0000 (20:50 +0100)]
path was wrong
Aaron Kaplan [Mon, 10 Nov 2014 19:44:18 +0000 (20:44 +0100)]
removed the supporting older clients as requested by Adi.
Why? Because the POODLE killed it ;-)
Older clients which do not support SNI can't speak TLSv1.0 and above.
We don't support SSLv3 anymore anyway.
Aaron Kaplan [Mon, 10 Nov 2014 19:11:16 +0000 (20:11 +0100)]
Merge github.com:BetterCrypto/Applied-Crypto-Hardening
Aaron Kaplan [Mon, 10 Nov 2014 19:06:45 +0000 (20:06 +0100)]
minor
René Schwarz [Sat, 8 Nov 2014 22:26:21 +0000 (23:26 +0100)]
File `neboltai.png` is actually a JPG file.
A `file src/neboltai.png` reveals that this file is actually a JPG file:
$ file neboltai.png
neboltai.png: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1596x2225, frames 3
Changed extension accordingly.
René Schwarz [Sat, 8 Nov 2014 17:58:46 +0000 (18:58 +0100)]
Adding `/src/configfiles.txt` to ignore list.
The `/src/common/configfiles.tex` file creates the file `/src/configfiles.txt` during compilation, which is an auxiliary file containing all config files used/existing (I am not sure). However, this file should not be committed to the repository, as it is an auxiliary file created during compilation.
René Schwarz [Sat, 8 Nov 2014 17:46:11 +0000 (18:46 +0100)]
Modifying `\pdfmapfile' modifiers to not issue warnings on duplicate font map entries anymore.
When trying to compile the document on a Windows machine using the latest MiKTeX and recent versions of all LaTeX packages included in the full installation, one can notice around 150 warnings thrown because the `system.tex' file contains two lines to include the font map files of `SourceCodePro' and `opensans' using the `\pdfmapfile' command. Because the modifier `+' is used, warnings are thrown for each font map which is already included by default for the document.
IMHO it is better to use the `=' modifier, which changes the behavior a little bit: The `+' modifier reads the specified font map and ignores all duplicate font map entries (a warning is issued), while the `=' modifier reads the specified font map and replaces matching font map entries with the new entries (no warning issued). I think this is the desired behavior.
For additional information refer to the PDFTeX documentation (`pdftex-a.pdf', r655 as of November 23, 2010) on pages 24 et seq.
Aaron Zauner [Thu, 6 Nov 2014 19:09:23 +0000 (20:09 +0100)]
remove tlsv1 exclusion
AaronK [Thu, 6 Nov 2014 06:19:01 +0000 (07:19 +0100)]
Merge pull request #82 from stasic/patch-3
added ubuntu 14.10
Arsen Stasic [Wed, 5 Nov 2014 19:49:25 +0000 (20:49 +0100)]
added ubuntu 14.10
Aaron Zauner [Wed, 5 Nov 2014 13:38:12 +0000 (14:38 +0100)]
Merge pull request #80 from MeikoDis/master
Adding prosody
MeikoDis [Wed, 5 Nov 2014 13:31:03 +0000 (13:31 +0000)]
Text adjusted.
MeikoDis [Wed, 5 Nov 2014 09:44:28 +0000 (09:44 +0000)]
Recommended Cipherstring
MeikoDis [Wed, 5 Nov 2014 00:08:38 +0000 (00:08 +0000)]
RC4, SHA1 and MD5
MeikoDis [Wed, 5 Nov 2014 00:03:42 +0000 (00:03 +0000)]
Correction2
MeikoDis [Tue, 4 Nov 2014 23:59:38 +0000 (23:59 +0000)]
Correction
MeikoDis [Tue, 4 Nov 2014 23:54:14 +0000 (23:54 +0000)]
Ciphers, curve and depth added
MeikoDis [Tue, 4 Nov 2014 22:53:43 +0000 (22:53 +0000)]
Merge branch 'master' of github.com:MeikoDis/Applied-Crypto-Hardening
Aaron Zauner [Sun, 2 Nov 2014 00:00:35 +0000 (01:00 +0100)]
Merge https://github.com/BetterCrypto/Applied-Crypto-Hardening
Aaron Zauner [Sun, 2 Nov 2014 00:00:29 +0000 (01:00 +0100)]
Merge pull request #77 from DigNative/master
Document did not compile under Windows, typo fixes
Aaron Zauner [Sat, 1 Nov 2014 23:59:51 +0000 (00:59 +0100)]
Merge https://github.com/DigNative/Applied-Crypto-Hardening
Aaron Zauner [Sat, 1 Nov 2014 23:58:28 +0000 (00:58 +0100)]
Merge pull request #78 from chdorb/patch-1
Update webserver.tex
Aaron Zauner [Sat, 1 Nov 2014 23:57:51 +0000 (00:57 +0100)]
Merge pull request #70 from blakefrantz/master
fixed small typos in IIS section
Aaron Zauner [Sat, 1 Nov 2014 23:56:23 +0000 (00:56 +0100)]
Merge pull request #71 from oparoz/patch-1
Wrong verb for HSTS header
AaronK [Tue, 28 Oct 2014 22:57:00 +0000 (23:57 +0100)]
Merge pull request #79 from stasic/patch-2
added freebsd 10
Thx Arsen!
Arsen Stasic [Tue, 28 Oct 2014 21:23:21 +0000 (22:23 +0100)]
added freebsd 10
added ssh signature for freebsd 10
chdorb [Thu, 23 Oct 2014 12:33:23 +0000 (14:33 +0200)]
Update webserver.tex
Just a little lack of conjugation.
David Durvaux [Wed, 22 Oct 2014 07:37:15 +0000 (09:37 +0200)]
Change email address
Aaron Zauner [Tue, 21 Oct 2014 08:10:35 +0000 (10:10 +0200)]
add all the things
Aaron Zauner [Tue, 21 Oct 2014 07:57:01 +0000 (09:57 +0200)]
add summary paper on curves progress within CFRG
Aaron Zauner [Tue, 21 Oct 2014 07:55:01 +0000 (09:55 +0200)]
add slides on IETF