/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-options.xml

  • Committer: Teddy Hogeborn
  • Date: 2015-01-25 00:02:51 UTC
  • Revision ID: teddy@recompile.se-20150125000251-j2bw50gfq9smqyxe
mandos.xml (SEE ALSO): Update links.

Update link to GnuPG home page, change reference from TLS 1.1 to TLS
1.2, and change to latest RFC for using OpenPGP keys with TLS (and use
its correct title).

Show diffs side-by-side

added added

removed removed

Lines of Context:
46
46
    <emphasis>not</emphasis> run in debug mode.
47
47
  </para>
48
48
  
 
49
  <para id="priority_compat">
 
50
    GnuTLS priority string for the <acronym>TLS</acronym> handshake.
 
51
    The default is <quote><literal
 
52
    >SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:+SIGN-RSA-SHA224:</literal>
 
53
    <literal>+SIGN-RSA-RMD160</literal></quote>.
 
54
    See <citerefentry><refentrytitle
 
55
    >gnutls_priority_init</refentrytitle>
 
56
    <manvolnum>3</manvolnum></citerefentry> for the syntax.
 
57
    <emphasis>Warning</emphasis>: changing this may make the
 
58
    <acronym>TLS</acronym> handshake fail, making server-client
 
59
    communication impossible.
 
60
  </para>
 
61
  
49
62
  <para id="priority">
50
63
    GnuTLS priority string for the <acronym>TLS</acronym> handshake.
51
 
    The default is
52
 
    <!-- &#x200b; is Unicode ZERO WIDTH SPACE; allows line breaks -->
53
 
    <quote><literal>SECURE128&#x200b;:!CTYPE-X.509&#x200b;:+CTYPE-RAWPK&#x200b;:!RSA&#x200b;:!VERS-ALL&#x200b;:+VERS-TLS1.3&#x200b;:%PROFILE_ULTRA</literal></quote>
54
 
    when using raw public keys in TLS, and
55
 
    <quote><literal>SECURE256&#x200b;:!CTYPE-X.509&#x200b;:+CTYPE-OPENPGP&#x200b;:!RSA&#x200b;:+SIGN-DSA-SHA256</literal></quote>
56
 
    when using OpenPGP keys in TLS,.  See <citerefentry><refentrytitle
57
 
    >gnutls_priority_init</refentrytitle>
 
64
    The default is <quote><literal
 
65
    >SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP</literal></quote>.  See
 
66
    <citerefentry><refentrytitle >gnutls_priority_init</refentrytitle>
58
67
    <manvolnum>3</manvolnum></citerefentry> for the syntax.
59
68
    <emphasis>Warning</emphasis>: changing this may make the
60
69
    <acronym>TLS</acronym> handshake fail, making server-client
61
 
    communication impossible.  Changing this option may also make the
62
 
    network traffic decryptable by an attacker.
 
70
    communication impossible.
63
71
  </para>
64
72
  
65
73
  <para id="servicename">