Datenbank/Kryptografie

Aus Foxwiki
Version vom 5. Januar 2023, 12:15 Uhr von Dirkwagner (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „== Databases == === MySQL === ==== Tested with Versions ==== * MySQL 5.5 on Debian Wheezy * MySQL 5.7.20 on Ubuntu 16.04.3 ==== Settings ==== ==== References ==== MySQL Documentation on [https://dev.mysql.com/doc/refman/5.7/en/using-encrypted-connections.html Configuring MySQL to Use Encrypted Connections]. ==== How to test ==== After restarting the server run the following query to see if the ssl settings are correct: show variables like '%ssl%'; =…“)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)

Databases

MySQL

Tested with Versions

  • MySQL 5.5 on Debian Wheezy
  • MySQL 5.7.20 on Ubuntu 16.04.3

Settings

References

MySQL Documentation on Configuring MySQL to Use Encrypted Connections.

How to test

After restarting the server run the following query to see if the ssl settings are correct: show variables like '%ssl%';

DB2

Tested with Version

We do not test this here, since we only reference other papers for DB2 so far.

Settings

ssl_cipherspecs:

In the link above the whole SSL-configuration is described in-depth. The following command shows only how to set the recommended ciphersuites.

Recommended and supported ciphersuites

db2 update dbm cfg using SSL_CIPHERSPECS TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

References

IBM DB2 Documentation on Supported cipher suites.https://www.ibm.com/support/knowledgecenter/SSEPGG_9.7.0/com.ibm.db2.luw.admin.sec.doc/doc/c0053544.html

PostgreSQL

Tested with Versions

  • Debian Wheezy and PostgreSQL 9.1
  • Linux Mint 14 nadia / Ubuntu 12.10 quantal with PostgreSQL 9.1+136 and OpenSSL 1.0.1c

Settings

To start in SSL mode the server.crt and server.key must exist in the servers data directory $PGDATA.

Starting with version 9.2, you have the possibility to set the path manually.

References

It’s recommended to read Security and Authentication in the manual. PostgreSQL Documentation on Secure TCP/IP Connections with SSL. PostgreSQL Documentation on Client Authentication.

How to test

To test your ssl settings, run psql with the sslmode parameter: $ psql "sslmode=require host=postgres-server dbname=database" your-username