/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2015-07-20 03:03:33 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 325.
  • Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte
Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.

The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string.  This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:

SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256

* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
  (/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
                                      instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2018-02-08">
 
5
<!ENTITY TIMESTAMP "2015-07-08">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
33
33
    <copyright>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
36
 
      <year>2010</year>
37
 
      <year>2011</year>
38
36
      <year>2012</year>
39
37
      <year>2013</year>
40
38
      <year>2014</year>
41
39
      <year>2015</year>
42
 
      <year>2016</year>
43
 
      <year>2017</year>
44
 
      <year>2018</year>
45
40
      <holder>Teddy Hogeborn</holder>
46
41
      <holder>Björn Påhlsson</holder>
47
42
    </copyright>
695
690
    </variablelist>
696
691
  </refsect1>
697
692
  
698
 
  <refsect1 id="bugs">
699
 
    <title>BUGS</title>
700
 
    <xi:include href="../bugs.xml"/>
701
 
  </refsect1>
 
693
<!--   <refsect1 id="bugs"> -->
 
694
<!--     <title>BUGS</title> -->
 
695
<!--     <para> -->
 
696
<!--     </para> -->
 
697
<!--   </refsect1> -->
702
698
  
703
699
  <refsect1 id="example">
704
700
    <title>EXAMPLE</title>
844
840
      </varlistentry>
845
841
      <varlistentry>
846
842
        <term>
847
 
          <ulink url="https://www.gnutls.org/">GnuTLS</ulink>
 
843
          <ulink url="http://www.gnu.org/software/gnutls/"
 
844
          >GnuTLS</ulink>
848
845
        </term>
849
846
      <listitem>
850
847
        <para>
856
853
      </varlistentry>
857
854
      <varlistentry>
858
855
        <term>
859
 
          <ulink url="https://www.gnupg.org/related_software/gpgme/"
 
856
          <ulink url="http://www.gnupg.org/related_software/gpgme/"
860
857
                 >GPGME</ulink>
861
858
        </term>
862
859
        <listitem>
900
897
      </varlistentry>
901
898
      <varlistentry>
902
899
        <term>
903
 
          RFC 5246: <citetitle>The Transport Layer Security (TLS)
904
 
          Protocol Version 1.2</citetitle>
 
900
          RFC 4346: <citetitle>The Transport Layer Security (TLS)
 
901
          Protocol Version 1.1</citetitle>
905
902
        </term>
906
903
      <listitem>
907
904
        <para>
908
 
          TLS 1.2 is the protocol implemented by GnuTLS.
 
905
          TLS 1.1 is the protocol implemented by GnuTLS.
909
906
        </para>
910
907
      </listitem>
911
908
      </varlistentry>
922
919
      </varlistentry>
923
920
      <varlistentry>
924
921
        <term>
925
 
          RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer
 
922
          RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
926
923
          Security</citetitle>
927
924
        </term>
928
925
      <listitem>