Datenbank/Kryptografie: Difference between revisions
Page created: „== Databases == === MySQL === ==== Tested with Versions ==== * MySQL 5.5 on Debian Wheezy * MySQL 5.7.20 on Ubuntu 16.04.3 ==== Settings ==== ==== References ==== MySQL Documentation on [https://dev.mysql.com/doc/refman/5.7/en/using-encrypted-connections.html Configuring MySQL to Use Encrypted Connections]. ==== How to test ==== After restarting the server run the following query to see if the ssl settings are correct: show variables like '%ssl%'; =…“ |
No edit summary |
Zeile 74: | Zeile 74: | ||
To test your ssl settings, run <tt>psql</tt> with the sslmode parameter: | To test your ssl settings, run <tt>psql</tt> with the sslmode parameter: | ||
$ psql "sslmode=require host=postgres-server dbname=database" your-username | $ psql "sslmode=require host=postgres-server dbname=database" your-username | ||
[[Kategorie:Verschlüsselung:Best Practice]] | |||
[[Kategorie:Datenbank]] |
Revision as of 5 January 2023, 12:16
Databases
MySQL
Tested with Versions
- MySQL 5.5 on Debian Wheezy
- MySQL 5.7.20 on Ubuntu 16.04.3
Settings
References
MySQL Documentation on Configuring MySQL to Use Encrypted Connections.
How to test
After restarting the server, run the following query to check that the SSL settings are correct:
show variables like '%ssl%';
DB2
Tested with Version
We do not test this here, since we only reference other papers for DB2 so far.
Settings
ssl_cipherspecs:
In the link above the whole SSL configuration is described in depth. The following command only shows how to set the recommended cipher suites.
- Recommended and supported ciphersuites
db2 update dbm cfg using SSL_CIPHERSPECS TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
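The cipher suite names in this command encode the key exchange, cipher mode and hash of each entry. The following added example (not part of the original page or of IBM's documentation) parses the list as given above and reports which entries offer forward secrecy (ECDHE), an AEAD mode (GCM), or a SHA-1 HMAC; the function names are illustrative.

```python
import re

# SSL_CIPHERSPECS value copied from the db2 command on this page.
PAGE_CIPHERSPECS = """
TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
"""

# Grammar for the AES suites used above: TLS_<kx>[_<auth>]_WITH_<cipher>_<mode>_<hash>
SUITE_RE = re.compile(
    r"^TLS_(?P<kx>ECDHE|DHE|RSA)(?:_(?P<auth>RSA|ECDSA))?_WITH_"
    r"(?P<cipher>AES_(?:128|256))_(?P<mode>GCM|CBC)_(?P<hash>SHA(?:256|384)?)$"
)

def classify(name):
    """Return the security-relevant properties encoded in one suite name."""
    m = SUITE_RE.match(name)
    if m is None:
        # Anything outside the grammar (RC4, 3DES, typos) is rejected, not guessed at.
        raise ValueError(f"unrecognised cipher suite name: {name!r}")
    return {
        "name": name,
        "forward_secrecy": m["kx"] in ("ECDHE", "DHE"),
        "aead": m["mode"] == "GCM",
        # In CBC suites the trailing hash is the HMAC; in GCM suites it is only the PRF.
        "sha1_mac": m["mode"] == "CBC" and m["hash"] == "SHA",
    }

def audit(cipherspecs):
    """Classify every entry of a comma-separated SSL_CIPHERSPECS value, in order."""
    names = [n.strip() for n in cipherspecs.split(",") if n.strip()]
    return [classify(n) for n in names]

def fs_aead_suites(cipherspecs):
    """Names of the entries that combine forward secrecy with an AEAD mode."""
    return [s["name"] for s in audit(cipherspecs) if s["forward_secrecy"] and s["aead"]]

if __name__ == "__main__":
    for s in audit(PAGE_CIPHERSPECS):
        flags = [k for k in ("forward_secrecy", "aead", "sha1_mac") if s[k]]
        print(f"{s['name']:<42} {', '.join(flags) or '-'}")
```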
References
IBM DB2 Documentation on Supported cipher suites: https://www.ibm.com/support/knowledgecenter/SSEPGG_9.7.0/com.ibm.db2.luw.admin.sec.doc/doc/c0053544.html
PostgreSQL
Tested with Versions
- Debian Wheezy and PostgreSQL 9.1
- Linux Mint 14 nadia / Ubuntu 12.10 quantal with PostgreSQL 9.1+136 and OpenSSL 1.0.1c
Settings
To start in SSL mode, the files server.crt and server.key must exist in the server's data directory $PGDATA.
Starting with version 9.2, you can set the path manually.
References
It’s recommended to read Security and Authentication in the manual.
- PostgreSQL Documentation on Secure TCP/IP Connections with SSL.
- PostgreSQL Documentation on Client Authentication.
How to test
To test your SSL settings, run psql with the sslmode parameter:
$ psql "sslmode=require host=postgres-server dbname=database" your-username