-
Notifications
You must be signed in to change notification settings - Fork 55
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
7 changed files
with
138 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
====================== | ||
|product| subscription | ||
====================== | ||
|
||
A |product| installation can be registerd to a public or private Dartagnan [#Dartagnan]_ instance, | ||
getting access to monitoring portal and stable update repositories. | ||
|
||
The |product| Subscription by Nethesis [#Nethesis]_ enables access to a public ready-to-use Dartagnan instance, | ||
along with immediate professional support services for your |product| deployments. | ||
|
||
Detailed info available: https://my.nethserver.com | ||
|
||
Register an installation | ||
======================== | ||
|
||
1. Access :guilabel:`Subscription` page from the Server Manager | ||
2. Click on :guilabel:`Subscribe` | ||
3. Login or register to https://my.nethserver.com to obtain a registration code | ||
4. Copy and paste the code inside the :guilabel:`Registration token` field | ||
5. Click on :guilabel:`Register now` button | ||
|
||
At the end, the subscription plan name and validity are reported inside the page. | ||
Monitoring and access to stable repositories are automatically enabeld. | ||
|
||
.. [#Dartagnan] Dartagnan documentation: https://nethesis.github.io/dartagnan/ | ||
.. [#Nethesis] Nethesis official site: http://www.nethesis.it |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
.. _tlspolicy-section: | ||
|
||
========== | ||
TLS policy | ||
========== | ||
|
||
The :guilabel:`TLS policy` page controls how individual services configure the | ||
Transport Layer Security (TLS) protocol, by selecting a *policy identifier*. | ||
|
||
Each module implementation decides how to implement a specific policy | ||
identifier, providing a trade off between security and client compatibility. | ||
Newer policies are biased towards security, whilst older ones provide better | ||
compatibility with old clients. | ||
|
||
The following sections describe each policy identifier. | ||
|
||
Policy ``2018-03-30`` | ||
--------------------- | ||
|
||
Apache | ||
* See https://bettercrypto.org/static/applied-crypto-hardening.pdf category B | ||
* Cipher suite :: | ||
EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH | ||
* Disabled SSLv2 and SSLv3 | ||
|
||
Dovecot | ||
* See https://bettercrypto.org/static/applied-crypto-hardening.pdf category B | ||
* Cipher suite :: | ||
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA | ||
* Disabled SSLv2 and SSLv3 | ||
|
||
OpenSSH | ||
* See https://github.com/NethServer/nethserver-openssh/pull/6 | ||
* Configuration snippet :: | ||
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr | ||
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160 | ||
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 | ||
|
||
|
||
Policy ``Legacy`` | ||
----------------- | ||
|
||
Backward compatible settings, as implemented in |product| 7.4 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
.. _TlsPolicyUi-section: | ||
|
||
========== | ||
TLS policy | ||
========== | ||
|
||
Enforced security level | ||
Configures the system services as described in the :ref:`tlspolicy-section` section |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters