/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2015-07-20 03:03:33 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 325.
  • Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte
Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.

The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string.  This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:

SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256

* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
  (/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
                                      instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2016-07-10">
 
5
<!ENTITY TIMESTAMP "2015-07-08">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
33
33
    <copyright>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
36
 
      <year>2010</year>
37
 
      <year>2011</year>
38
36
      <year>2012</year>
39
37
      <year>2013</year>
40
38
      <year>2014</year>
41
39
      <year>2015</year>
42
 
      <year>2016</year>
43
40
      <holder>Teddy Hogeborn</holder>
44
41
      <holder>Björn Påhlsson</holder>
45
42
    </copyright>
693
690
    </variablelist>
694
691
  </refsect1>
695
692
  
696
 
  <refsect1 id="bugs">
697
 
    <title>BUGS</title>
698
 
    <xi:include href="../bugs.xml"/>
699
 
  </refsect1>
 
693
<!--   <refsect1 id="bugs"> -->
 
694
<!--     <title>BUGS</title> -->
 
695
<!--     <para> -->
 
696
<!--     </para> -->
 
697
<!--   </refsect1> -->
700
698
  
701
699
  <refsect1 id="example">
702
700
    <title>EXAMPLE</title>
842
840
      </varlistentry>
843
841
      <varlistentry>
844
842
        <term>
845
 
          <ulink url="https://www.gnutls.org/">GnuTLS</ulink>
 
843
          <ulink url="http://www.gnu.org/software/gnutls/"
 
844
          >GnuTLS</ulink>
846
845
        </term>
847
846
      <listitem>
848
847
        <para>
854
853
      </varlistentry>
855
854
      <varlistentry>
856
855
        <term>
857
 
          <ulink url="https://www.gnupg.org/related_software/gpgme/"
 
856
          <ulink url="http://www.gnupg.org/related_software/gpgme/"
858
857
                 >GPGME</ulink>
859
858
        </term>
860
859
        <listitem>
898
897
      </varlistentry>
899
898
      <varlistentry>
900
899
        <term>
901
 
          RFC 5246: <citetitle>The Transport Layer Security (TLS)
902
 
          Protocol Version 1.2</citetitle>
 
900
          RFC 4346: <citetitle>The Transport Layer Security (TLS)
 
901
          Protocol Version 1.1</citetitle>
903
902
        </term>
904
903
      <listitem>
905
904
        <para>
906
 
          TLS 1.2 is the protocol implemented by GnuTLS.
 
905
          TLS 1.1 is the protocol implemented by GnuTLS.
907
906
        </para>
908
907
      </listitem>
909
908
      </varlistentry>
920
919
      </varlistentry>
921
920
      <varlistentry>
922
921
        <term>
923
 
          RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer
 
922
          RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
924
923
          Security</citetitle>
925
924
        </term>
926
925
      <listitem>