# [Ach] postgresql diff

Berg San bs at cyontris.eu
Wed Nov 27 20:52:31 CET 2013

On 11/26/2013 08:21 PM, L. Aaron Kaplan wrote:

[...]
> Thanks!! Fantastic. It's really a joy to read this section. It's precise, short, quick to reed, I have all the info that I need and it works.

Thx!

I've attached a small diff:
.) %s/client-/server-/

> What about the other DBs? Do you think we can still make this? Anybody here with Oracle experience, can someone test Oracle settings? The T-Systems hardening guide has multiple pages on Oracle. Some of them related to crypto.

I can't promise, but I have a contact to a DB2 dba.

Cheers
Berg

-------------- next part --------------
diff --git a/src/practical_settings/DBs.tex b/src/practical_settings/DBs.tex
index 06c5c83..1c14cd8 100644
--- a/src/practical_settings/DBs.tex
+++ b/src/practical_settings/DBs.tex
@@ -24,8 +24,8 @@
[mysqld]
ssl
ssl-ca=/etc/mysql/ssl/ca-cert.pem
-ssl-cert=/etc/mysql/ssl/client-cert.pem
-ssl-key=/etc/mysql/ssl/client-key.pem
+ssl-cert=/etc/mysql/ssl/server-cert.pem
+ssl-key=/etc/mysql/ssl/server-key.pem
ssl-cipher=EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EDH+CAMELLIA256:EECDH:EDH+aRSA:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!AES128:!CAMELLIA128:!ECDSA:AES256-SHA
\end{lstlisting}

@@ -37,8 +37,7 @@ ssl-cipher=EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EDH+CAMELLIA256
% in case you have the need for further justifications why you chose this and that setting or if the settings do not fit into the standard Variant A or Variant B schema, please document this here

\item[References:]
-