/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

  • Committer: Teddy Hogeborn
  • Date: 2015-03-10 18:03:38 UTC
  • Revision ID: teddy@recompile.se-20150310180338-pcxw6r2qmw9k6br9
Add ":!RSA" to GnuTLS priority string, to disallow non-DHE kx.

If Mandos was somehow made to use a non-ephemeral Diffie-Hellman key
exchange algorithm in the TLS handshake, any saved network traffic
could then be decrypted later if the Mandos client key was obtained.
By default, Mandos uses ephemeral DH key exchanges which does not have
this problem, but a non-ephemeral key exchange algorithm was still
enabled by default.  The simplest solution is to simply turn that off,
which ensures that Mandos will always use ephemeral DH key exchanges.

There is a "PFS" priority string specifier, but we can't use it because:

1. Security-wise, it is a mix between "NORMAL" and "SECURE128" - it
   enables a lot more algorithms than "SECURE256".

2. It is only available since GnuTLS 3.2.4.

Thanks to Andreas Fischer <af@bantuX.org> for reporting this issue.

Show diffs side-by-side

added added

removed removed

Lines of Context:
mandos.xml
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos">
5
 
<!ENTITY TIMESTAMP "2012-05-26">
 
5
<!ENTITY TIMESTAMP "2015-01-25">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
36
36
      <year>2010</year>
37
37
      <year>2011</year>
38
38
      <year>2012</year>
 
39
      <year>2013</year>
39
40
      <holder>Teddy Hogeborn</holder>
40
41
      <holder>Björn Påhlsson</holder>
41
42
    </copyright>
103
104
      <sbr/>
104
105
      <arg><option>--socket
105
106
      <replaceable>FD</replaceable></option></arg>
 
107
      <sbr/>
 
108
      <arg><option>--foreground</option></arg>
 
109
      <sbr/>
 
110
      <arg><option>--no-zeroconf</option></arg>
106
111
    </cmdsynopsis>
107
112
    <cmdsynopsis>
108
113
      <command>&COMMANDNAME;</command>
231
236
        <term><option>--priority <replaceable>
232
237
        PRIORITY</replaceable></option></term>
233
238
        <listitem>
234
 
          <xi:include href="mandos-options.xml" xpointer="priority"/>
 
239
          <xi:include href="mandos-options.xml"
 
240
                      xpointer="priority_compat"/>
235
241
        </listitem>
236
242
      </varlistentry>
237
243
      
311
317
        </listitem>
312
318
      </varlistentry>
313
319
      
 
320
      <varlistentry>
 
321
        <term><option>--foreground</option></term>
 
322
        <listitem>
 
323
          <xi:include href="mandos-options.xml"
 
324
                      xpointer="foreground"/>
 
325
        </listitem>
 
326
      </varlistentry>
 
327
      
 
328
      <varlistentry>
 
329
        <term><option>--no-zeroconf</option></term>
 
330
        <listitem>
 
331
          <xi:include href="mandos-options.xml" xpointer="zeroconf"/>
 
332
        </listitem>
 
333
      </varlistentry>
 
334
      
314
335
    </variablelist>
315
336
  </refsect1>
316
337
  
506
527
        </listitem>
507
528
      </varlistentry>
508
529
      <varlistentry>
509
 
        <term><filename>/var/run/mandos.pid</filename></term>
 
530
        <term><filename>/run/mandos.pid</filename></term>
510
531
        <listitem>
511
532
          <para>
512
533
            The file containing the process id of the
513
534
            <command>&COMMANDNAME;</command> process started last.
 
535
            <emphasis >Note:</emphasis> If the <filename
 
536
            class="directory">/run</filename> directory does not
 
537
            exist, <filename>/var/run/mandos.pid</filename> will be
 
538
            used instead.
514
539
          </para>
515
540
        </listitem>
516
541
      </varlistentry>
561
586
      There is no fine-grained control over logging and debug output.
562
587
    </para>
563
588
    <para>
564
 
      Debug mode is conflated with running in the foreground.
565
 
    </para>
566
 
    <para>
567
589
      This server does not check the expire time of clients’ OpenPGP
568
590
      keys.
569
591
    </para>
685
707
      </varlistentry>
686
708
      <varlistentry>
687
709
        <term>
688
 
          <ulink url="http://www.gnu.org/software/gnutls/"
689
 
          >GnuTLS</ulink>
 
710
          <ulink url="http://gnutls.org/">GnuTLS</ulink>
690
711
        </term>
691
712
      <listitem>
692
713
        <para>
730
751
      </varlistentry>
731
752
      <varlistentry>
732
753
        <term>
733
 
          RFC 4346: <citetitle>The Transport Layer Security (TLS)
734
 
          Protocol Version 1.1</citetitle>
 
754
          RFC 5246: <citetitle>The Transport Layer Security (TLS)
 
755
          Protocol Version 1.2</citetitle>
735
756
        </term>
736
757
      <listitem>
737
758
        <para>
738
 
          TLS 1.1 is the protocol implemented by GnuTLS.
 
759
          TLS 1.2 is the protocol implemented by GnuTLS.
739
760
        </para>
740
761
      </listitem>
741
762
      </varlistentry>
751
772
      </varlistentry>
752
773
      <varlistentry>
753
774
        <term>
754
 
          RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
755
 
          Security</citetitle>
 
775
          RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer
 
776
          Security (TLS) Authentication</citetitle>
756
777
        </term>
757
778
      <listitem>
758
779
        <para>