/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to INSTALL

  • Committer: Teddy Hogeborn
  • Date: 2015-07-20 03:03:33 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 325.
  • Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte
Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.

The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string.  This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:

SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256

* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
  (/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
                                      instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.

Show diffs side-by-side

added added

removed removed

Lines of Context:
4
4
  
5
5
** Operating System
6
6
   
7
 
   Debian 8.0 "jessie" or Ubuntu 15.10 "Wily Werewolf" (or later).
 
7
   Debian 6.0 "squeeze" or Ubuntu 10.10 "Maverick Meerkat" (or later).
8
8
   
9
9
   This is mostly for the support scripts which make sure that the
10
10
   client is installed and started in the initial RAM disk environment
38
38
    "man -l mandos.8".
39
39
    
40
40
*** Mandos Server
41
 
    + GnuTLS 3.3          http://www.gnutls.org/
 
41
    + GnuTLS 2.4          http://www.gnutls.org/
 
42
      Note: GnuTLS 3 will only work with Python-GnuTLS 2
42
43
    + Avahi 0.6.16        http://www.avahi.org/
43
44
    + Python 2.7          https://www.python.org/
 
45
    + Python-GnuTLS 1.1.5 https://pypi.python.org/pypi/python-gnutls/
44
46
    + dbus-python 0.82.4  http://dbus.freedesktop.org/doc/dbus-python/
45
47
    + PyGObject 2.14.2    https://developer.gnome.org/pygobject/
46
48
    + pkg-config  http://www.freedesktop.org/wiki/Software/pkg-config/
52
54
    + ssh-keyscan from OpenSSH http://www.openssh.com/
53
55
    
54
56
    Package names:
55
 
    avahi-daemon python python-avahi python-dbus python-gobject
56
 
    python-urwid pkg-config fping ssh-client
 
57
    python-gnutls avahi-daemon python python-avahi python-dbus
 
58
    python-gobject python-urwid pkg-config fping ssh-client
57
59
    
58
60
*** Mandos Client
59
 
    + GNU C Library 2.16 https://gnu.org/software/libc/
60
61
    + initramfs-tools 0.85i
61
62
                        https://tracker.debian.org/pkg/initramfs-tools
62
 
    + GnuTLS 3.3        http://www.gnutls.org/
 
63
    + GnuTLS 2.4        http://www.gnutls.org/
63
64
    + Avahi 0.6.16      http://www.avahi.org/
64
65
    + GnuPG 1.4.9       https://www.gnupg.org/
65
66
    + GPGME 1.1.6       https://www.gnupg.org/related_software/gpgme/