/mandos/release

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

Committer: Teddy Hogeborn
Date: 2015-07-20 03:03:33 UTC
mto: (237.7.594 trunk)
mto: This revision was merged to the branch mainline in revision 325.
Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte

Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.

The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string.  This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:

SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256

* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
  (/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
                                      instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.

files removed:
bugs.xml

tmpfiles.d-mandos.conf

files modified:
DBUS-API

INSTALL

Makefile

NEWS

README

TODO

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.postinst

debian/rules

initramfs-tools-hook

initramfs-tools-script

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

plugins.d/mandos-client.xml

2

2

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

3

3

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

4

4

<!ENTITY COMMANDNAME "mandos-client">

5

<!ENTITY TIMESTAMP "2016-07-10">

5

<!ENTITY TIMESTAMP "2015-07-08">

6

6

<!ENTITY % common SYSTEM "../common.ent">

7

7

%common;

8

8

]>

33

33

<copyright>

34

34

<year>2008</year>

35

35

<year>2009</year>

36

<year>2010</year>

37

<year>2011</year>

38

36

<year>2012</year>

39

37

<year>2013</year>

40

38

<year>2014</year>

41

39

<year>2015</year>

42

<year>2016</year>

43

40

<holder>Teddy Hogeborn</holder>

44

41

<holder>Björn Påhlsson</holder>

45

42

</copyright>

693

690

</variablelist>

694

691

</refsect1>

695

692

696

<refsect1 id="bugs">

697

<title>BUGS</title>

698

<xi:include href="../bugs.xml"/>

699

</refsect1>

693

694

695

696

697

700

698

701

699

<refsect1 id="example">

702

700

<title>EXAMPLE</title>

842

840

</varlistentry>

843

841

<varlistentry>

844

842

<term>

845

<ulink url="https://www.gnutls.org/">GnuTLS</ulink>

843

<ulink url="http://www.gnu.org/software/gnutls/"

844

>GnuTLS</ulink>

846

845

</term>

847

846

<listitem>

848

847

<para>

854

853

</varlistentry>

855

854

<varlistentry>

856

855

<term>

857

<ulink url="https://www.gnupg.org/related_software/gpgme/"

856

<ulink url="http://www.gnupg.org/related_software/gpgme/"

858

857

>GPGME</ulink>

859

858

</term>

860

859

<listitem>

898

897

</varlistentry>

899

898

<varlistentry>

900

899

<term>

901

RFC 5246: <citetitle>The Transport Layer Security (TLS)

902

Protocol Version 1.2</citetitle>

900

RFC 4346: <citetitle>The Transport Layer Security (TLS)

901

Protocol Version 1.1</citetitle>

903

902

</term>

904

903

<listitem>

905

904

<para>

906

TLS 1.2 is the protocol implemented by GnuTLS.

905

TLS 1.1 is the protocol implemented by GnuTLS.

907

906

</para>

908

907

</listitem>

909

908

</varlistentry>

920

919

</varlistentry>

921

920

<varlistentry>

922

921

<term>

923

RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer

922

RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer

924

923

Security</citetitle>

925

924

</term>

926

925

<listitem>

Older »