/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release


Viewing changes to mandos.conf.xml

  • Committer: Teddy Hogeborn
  • Date: 2015-07-20 03:03:33 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 325.
  • Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte

Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.

The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string.  This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:

SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256

* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
  (/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
                                      instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.

3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY CONFNAME "mandos.conf">
5
5
<!ENTITY CONFPATH "<filename>/etc/mandos/mandos.conf</filename>">
6
 
<!ENTITY TIMESTAMP "2023-04-30">
 
6
<!ENTITY TIMESTAMP "2015-07-20">
7
7
<!ENTITY % common SYSTEM "common.ent">
8
8
%common;
9
9
]>
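Review bot: The TIMESTAMP entity in this hunk moves backwards, from "2023-04-30" on the removed side to "2015-07-20" on the added side, so the view appears to compare this 2015 revision against a later state of mandos.conf.xml rather than against its parent. Regenerate the diff against the parent revision before reviewing further: as shown, the one change the commit message lists for this file (OPTIONS/priority referring to the id "priority" instead of "priority_compat") does not appear in any hunk.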
34
34
    <copyright>
35
35
      <year>2008</year>
36
36
      <year>2009</year>
37
 
      <year>2010</year>
38
37
      <year>2011</year>
39
38
      <year>2012</year>
40
39
      <year>2013</year>
41
 
      <year>2014</year>
42
 
      <year>2015</year>
43
 
      <year>2016</year>
44
 
      <year>2017</year>
45
 
      <year>2018</year>
46
 
      <year>2019</year>
47
40
      <holder>Teddy Hogeborn</holder>
48
41
      <holder>Björn Påhlsson</holder>
49
42
    </copyright>
69
62
  <refsect1 id="description">
70
63
    <title>DESCRIPTION</title>
71
64
    <para>
72
 
      The file &CONFPATH; is a configuration file for
 
65
      The file &CONFPATH; is a simple configuration file for
73
66
      <citerefentry><refentrytitle>mandos</refentrytitle>
74
67
      <manvolnum>8</manvolnum></citerefentry>, and is read by it at
75
68
      startup.  The configuration file starts with <quote><literal
207
200
      built-in module <systemitem class="library">ConfigParser</systemitem>
208
201
      requires it.
209
202
    </para>
210
 
    <xi:include href="bugs.xml"/>
211
203
  </refsect1>
212
204
  
213
205
  <refsect1 id="example">
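Review bot: The line `<xi:include href="bugs.xml"/>` just before `</refsect1>` is on the removed side only, and the commit message's entry for mandos.conf.xml mentions nothing about it. If dropping the include is intended, say so in the changelog entry; if not, keep the line so the manual page does not lose that content.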
227
219
      <programlisting>
228
220
[DEFAULT]
229
221
# A configuration example
230
 
interface = enp1s0
 
222
interface = eth0
231
223
address = fe80::aede:48ff:fe71:f6f2
232
224
port = 1025
233
225
debug = True
234
 
priority = SECURE128:!CTYPE-X.509:+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3:%PROFILE_ULTRA
 
226
priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA
235
227
servicename = Daena
236
228
use_dbus = False
237
229
use_ipv6 = True
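Review bot: The example's added line `priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA` does not match the default this commit introduces, `SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256`. An administrator who copies the example into mandos.conf overrides the built-in default with a string that lacks `+SIGN-DSA-SHA256`, which is the part the commit message says is needed for old 2048-bit DSA keys under GnuTLS 3, and the server would then no longer use the same string as the client default. Append `:+SIGN-DSA-SHA256` to the example line, or drop the line so the built-in default applies. The `interface` change from `enp1s0` to `eth0` in the same hunk is unrelated to the priority fix and is not listed in the commit message.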