From 720dd2cbdb129d78cf7879762537a7fda7eb350b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <joerg.sachse@slub-dresden.de>
Date: Fri, 19 Jul 2024 11:31:40 +0200
Subject: [PATCH] doc: add links to weak Diffie-Hellman mitigation

---
 tasks/rosetta/configure_tomcat.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tasks/rosetta/configure_tomcat.yml b/tasks/rosetta/configure_tomcat.yml
index 247b1e3..701c1a3 100644
--- a/tasks/rosetta/configure_tomcat.yml
+++ b/tasks/rosetta/configure_tomcat.yml
@@ -19,6 +19,8 @@
     value: "{{ item.value }}"
   loop:
     # configure Tomcat crypto to mitigate against Greenbone OID: 1.3.6.1.4.1.25623.1.0.106223
+    # details at https://greenbone-server.fqdn.de/nvt/1.3.6.1.4.1.25623.1.0.106223
+    # mitigation config documented at https://weakdh.org/sysadmin.html
     - xpath: "/Server/Service/Connector[@port='8443']"
       attribute: "ciphers"
       value: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_128_SHA,TLS_DHE_DSS_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_256_SHA256,TLS_DHE_DSS_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_256_SHA"
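Review bot: The two added comments present this loop entry as the weak Diffie-Hellman mitigation, but the `ciphers` value below them still lists finite-field `TLS_DHE_*` suites (including `TLS_DHE_DSS_*`), so the comment does not say what actually closes the scanner finding. With DHE suites enabled, the DH group size is decided by the JVM, not by this attribute. I would add a line such as `# DHE suites stay enabled: JVM must use >= 2048-bit DH groups (jdk.tls.ephemeralDHKeySize)`, or drop the DHE suites if no client needs them. The first link points at a host-specific scanner URL (`greenbone-server.fqdn.de`) that probably will not resolve for other readers, so the OID already given on the line above is the more durable reference. The loop and its task start outside the hunk, so whether the JVM option is set elsewhere in the role is not visible here.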
-- 
GitLab