Skip to content

Commit

Permalink
Migrate Taskserver documentation to gbf.org
Browse files Browse the repository at this point in the history
  • Loading branch information
@lauft
lauft committed Jul 15, 2024
1 parent 7194ba2 commit 02fef35
Show file tree
Hide file tree
Showing 19 changed files with 1,394 additions and 0 deletions.
34 changes: 34 additions & 0 deletions content/taskd/docs/_index.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
---
title: "Docs"
lang: en
layout: single
menu: taskd
---
{{< alert >}}Taskserver is deprecated and only compatible with Taskwarrior 2.x.{{< /alert >}}

{{< lead >}}Here is the complete set of Taskserver documentation.{{< /lead >}}

## Getting Started
* [Why Do I Need a Taskserver?](taskd/docs/why/)
* [Preparation](taskd/docs/preparation/)

## Installation
* [Installation from package](taskd/docs/install-package/)
* [Installation from tarball](taskd/docs/install-tarball/)
* [Installation from repository](taskd/docs/install-git/)

## Configuration & Usage
* [Server Configuration](taskd/docs/configure/)
* [Server Start/Stop](taskd/docs/control/)
* [Configure Taskwarrior](taskd/docs/taskwarrior/)
* [Add User to Server](taskd/docs/user/)
* [Syncing Taskwarrior](taskd/docs/sync/)
* [Cipher Selection](taskd/docs/ciphers/)
* [Protocol Selection](taskd/docs/protocol/)
* [Upgrading Taskserver](taskd/docs/upgrade/)
* [Troubleshooting Sync](taskd/docs/troubleshooting-sync/)
* [Taskserver Release History](taskd/docs/history/)

## Guides
- [Taskserver Setup Guide](https://gothenburgbitfactory.org/taskserver-setup/)
- [Taskserver Troubleshooting Guide](https://gothenburgbitfactory.org/taskserver-troubleshooting/)
244 changes: 244 additions & 0 deletions content/taskd/docs/ciphers.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,244 @@
---
title: "Taskwarrior - Taskserver Ciphers"
---
{{< alert >}}Taskserver is deprecated and only compatible with Taskwarrior 2.x.{{< /alert >}}

# Cipher Selection

By default, Taskserver {{< label >}}1.0.0{{< /label >}} uses the GnuTLS cipher set:

```
PERFORMANCE:%SERVER_PRECEDENCE
```

Taskserver {{< label >}}1.1.0{{< /label >}} and later uses this GnuTLS cipher set:

```
NORMAL
```

Taskwarrior uses:

```
NORMAL
```

You may wish to override these ciphers with a set that satisfies your security needs.
A vigilant Taskserver administrator may wish to respond to news of various cipher weaknesses.
For example, a more secure set would be to use only TLS 1.2 and these ciphers:

```
ECDHE-ECDSA-AES256-GCM-SHA384
```

If AES is later compromised, perhaps use:

```
DHE-RSA-CAMELLIA256-SHA
```

Should elliptical curves later be compromised, perhaps use:

```
DHE-RSA-AES256-SHA
```

You should be aware that this is a dynamic and volatile subject, and for the best security you need to be aware of vulnerabilities.

## Installed Ciphers

Use this command to see a list of installed ciphers, and run it on both the client and server machine to confirm that there is overlapping support between client and server.

```
$ gnutls-cli --list
Cipher suites:
TLS_RSA_NULL_MD5 0x00, 0x01 SSL3.0
TLS_RSA_NULL_SHA1 0x00, 0x02 SSL3.0
TLS_RSA_NULL_SHA256 0x00, 0x3b TLS1.0
TLS_RSA_ARCFOUR_128_SHA1 0x00, 0x05 SSL3.0
TLS_RSA_ARCFOUR_128_MD5 0x00, 0x04 SSL3.0
TLS_RSA_3DES_EDE_CBC_SHA1 0x00, 0x0a SSL3.0
TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL3.0
TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0
TLS_RSA_CAMELLIA_128_CBC_SHA256 0x00, 0xba TLS1.0
TLS_RSA_CAMELLIA_256_CBC_SHA256 0x00, 0xc0 TLS1.0
TLS_RSA_CAMELLIA_128_CBC_SHA1 0x00, 0x41 SSL3.0
TLS_RSA_CAMELLIA_256_CBC_SHA1 0x00, 0x84 SSL3.0
TLS_RSA_AES_128_CBC_SHA256 0x00, 0x3c TLS1.0
TLS_RSA_AES_256_CBC_SHA256 0x00, 0x3d TLS1.0
TLS_RSA_AES_128_GCM_SHA256 0x00, 0x9c TLS1.2
TLS_RSA_AES_256_GCM_SHA384 0x00, 0x9d TLS1.2
TLS_RSA_CAMELLIA_128_GCM_SHA256 0xc0, 0x7a TLS1.2
TLS_RSA_CAMELLIA_256_GCM_SHA384 0xc0, 0x7b TLS1.2
TLS_RSA_SALSA20_256_SHA1 0xe4, 0x11 SSL3.0
TLS_RSA_SALSA20_256_UMAC96 0xe4, 0x31 SSL3.0
TLS_RSA_ESTREAM_SALSA20_256_SHA1 0xe4, 0x10 SSL3.0
TLS_RSA_ESTREAM_SALSA20_256_UMAC96 0xe4, 0x30 SSL3.0
TLS_DHE_DSS_ARCFOUR_128_SHA1 0x00, 0x66 SSL3.0
TLS_DHE_DSS_3DES_EDE_CBC_SHA1 0x00, 0x13 SSL3.0
TLS_DHE_DSS_AES_128_CBC_SHA1 0x00, 0x32 SSL3.0
TLS_DHE_DSS_AES_256_CBC_SHA1 0x00, 0x38 SSL3.0
TLS_DHE_DSS_CAMELLIA_128_CBC_SHA256 0x00, 0xbd TLS1.0
TLS_DHE_DSS_CAMELLIA_256_CBC_SHA256 0x00, 0xc3 TLS1.0
TLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 0x00, 0x44 SSL3.0
TLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 0x00, 0x87 SSL3.0
TLS_DHE_DSS_AES_128_CBC_SHA256 0x00, 0x40 TLS1.0
TLS_DHE_DSS_AES_256_CBC_SHA256 0x00, 0x6a TLS1.0
TLS_DHE_DSS_AES_128_GCM_SHA256 0x00, 0xa2 TLS1.2
TLS_DHE_DSS_AES_256_GCM_SHA384 0x00, 0xa3 TLS1.2
TLS_DHE_DSS_CAMELLIA_128_GCM_SHA256 0xc0, 0x80 TLS1.2
TLS_DHE_DSS_CAMELLIA_256_GCM_SHA384 0xc0, 0x81 TLS1.2
TLS_DHE_RSA_3DES_EDE_CBC_SHA1 0x00, 0x16 SSL3.0
TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 SSL3.0
TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 SSL3.0
TLS_DHE_RSA_CAMELLIA_128_CBC_SHA256 0x00, 0xbe TLS1.0
TLS_DHE_RSA_CAMELLIA_256_CBC_SHA256 0x00, 0xc4 TLS1.0
TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 0x00, 0x45 SSL3.0
TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 0x00, 0x88 SSL3.0
TLS_DHE_RSA_AES_128_CBC_SHA256 0x00, 0x67 TLS1.0
TLS_DHE_RSA_AES_256_CBC_SHA256 0x00, 0x6b TLS1.0
TLS_DHE_RSA_AES_128_GCM_SHA256 0x00, 0x9e TLS1.2
TLS_DHE_RSA_AES_256_GCM_SHA384 0x00, 0x9f TLS1.2
TLS_DHE_RSA_CAMELLIA_128_GCM_SHA256 0xc0, 0x7c TLS1.2
TLS_DHE_RSA_CAMELLIA_256_GCM_SHA384 0xc0, 0x7d TLS1.2
TLS_ECDHE_RSA_NULL_SHA1 0xc0, 0x10 SSL3.0
TLS_ECDHE_RSA_3DES_EDE_CBC_SHA1 0xc0, 0x12 SSL3.0
TLS_ECDHE_RSA_AES_128_CBC_SHA1 0xc0, 0x13 SSL3.0
TLS_ECDHE_RSA_AES_256_CBC_SHA1 0xc0, 0x14 SSL3.0
TLS_ECDHE_RSA_AES_256_CBC_SHA384 0xc0, 0x28 TLS1.0
TLS_ECDHE_RSA_ARCFOUR_128_SHA1 0xc0, 0x11 SSL3.0
TLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256 0xc0, 0x76 TLS1.0
TLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 0xc0, 0x77 TLS1.0
TLS_ECDHE_ECDSA_NULL_SHA1 0xc0, 0x06 SSL3.0
TLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1 0xc0, 0x08 SSL3.0
TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 0xc0, 0x09 SSL3.0
TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 0xc0, 0x0a SSL3.0
TLS_ECDHE_ECDSA_ARCFOUR_128_SHA1 0xc0, 0x07 SSL3.0
TLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 0xc0, 0x72 TLS1.0
TLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 0xc0, 0x73 TLS1.0
TLS_ECDHE_ECDSA_AES_128_CBC_SHA256 0xc0, 0x23 TLS1.0
TLS_ECDHE_RSA_AES_128_CBC_SHA256 0xc0, 0x27 TLS1.0
TLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 0xc0, 0x86 TLS1.2
TLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 0xc0, 0x87 TLS1.2
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256 0xc0, 0x2b TLS1.2
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 0xc0, 0x2c TLS1.2
TLS_ECDHE_RSA_AES_128_GCM_SHA256 0xc0, 0x2f TLS1.2
TLS_ECDHE_RSA_AES_256_GCM_SHA384 0xc0, 0x30 TLS1.2
TLS_ECDHE_ECDSA_AES_256_CBC_SHA384 0xc0, 0x24 TLS1.0
TLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256 0xc0, 0x8a TLS1.2
TLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384 0xc0, 0x8b TLS1.2
TLS_ECDHE_RSA_SALSA20_256_SHA1 0xe4, 0x13 SSL3.0
TLS_ECDHE_RSA_SALSA20_256_UMAC96 0xe4, 0x33 SSL3.0
TLS_ECDHE_ECDSA_SALSA20_256_SHA1 0xe4, 0x15 SSL3.0
TLS_ECDHE_ECDSA_SALSA20_256_UMAC96 0xe4, 0x35 SSL3.0
TLS_ECDHE_RSA_ESTREAM_SALSA20_256_SHA1 0xe4, 0x12 SSL3.0
TLS_ECDHE_RSA_ESTREAM_SALSA20_256_UMAC96 0xe4, 0x32 SSL3.0
TLS_ECDHE_ECDSA_ESTREAM_SALSA20_256_SHA1 0xe4, 0x14 SSL3.0
TLS_ECDHE_ECDSA_ESTREAM_SALSA20_256_UMAC96 0xe4, 0x34 SSL3.0
TLS_ECDHE_PSK_3DES_EDE_CBC_SHA1 0xc0, 0x34 SSL3.0
TLS_ECDHE_PSK_AES_128_CBC_SHA1 0xc0, 0x35 SSL3.0
TLS_ECDHE_PSK_AES_256_CBC_SHA1 0xc0, 0x36 SSL3.0
TLS_ECDHE_PSK_AES_128_CBC_SHA256 0xc0, 0x37 TLS1.0
TLS_ECDHE_PSK_AES_256_CBC_SHA384 0xc0, 0x38 TLS1.0
TLS_ECDHE_PSK_ARCFOUR_128_SHA1 0xc0, 0x33 SSL3.0
TLS_ECDHE_PSK_NULL_SHA256 0xc0, 0x3a TLS1.0
TLS_ECDHE_PSK_NULL_SHA384 0xc0, 0x3b TLS1.0
TLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256 0xc0, 0x9a TLS1.0
TLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384 0xc0, 0x9b TLS1.0
TLS_ECDHE_PSK_SALSA20_256_SHA1 0xe4, 0x19 SSL3.0
TLS_ECDHE_PSK_SALSA20_256_UMAC96 0xe4, 0x39 SSL3.0
TLS_ECDHE_PSK_ESTREAM_SALSA20_256_SHA1 0xe4, 0x18 SSL3.0
TLS_ECDHE_PSK_ESTREAM_SALSA20_256_UMAC96 0xe4, 0x38 SSL3.0
TLS_PSK_ARCFOUR_128_SHA1 0x00, 0x8a SSL3.0
TLS_PSK_3DES_EDE_CBC_SHA1 0x00, 0x8b SSL3.0
TLS_PSK_AES_128_CBC_SHA1 0x00, 0x8c SSL3.0
TLS_PSK_AES_256_CBC_SHA1 0x00, 0x8d SSL3.0
TLS_PSK_AES_128_CBC_SHA256 0x00, 0xae TLS1.0
TLS_PSK_AES_256_GCM_SHA384 0x00, 0xa9 TLS1.2
TLS_PSK_CAMELLIA_128_GCM_SHA256 0xc0, 0x8e TLS1.2
TLS_PSK_CAMELLIA_256_GCM_SHA384 0xc0, 0x8f TLS1.2
TLS_PSK_AES_128_GCM_SHA256 0x00, 0xa8 TLS1.2
TLS_PSK_NULL_SHA256 0x00, 0xb0 TLS1.0
TLS_PSK_CAMELLIA_128_CBC_SHA256 0xc0, 0x94 TLS1.0
TLS_PSK_CAMELLIA_256_CBC_SHA384 0xc0, 0x95 TLS1.0
TLS_PSK_SALSA20_256_SHA1 0xe4, 0x17 SSL3.0
TLS_PSK_SALSA20_256_UMAC96 0xe4, 0x37 SSL3.0
TLS_PSK_ESTREAM_SALSA20_256_SHA1 0xe4, 0x16 SSL3.0
TLS_PSK_ESTREAM_SALSA20_256_UMAC96 0xe4, 0x36 SSL3.0
TLS_PSK_AES_256_CBC_SHA384 0x00, 0xaf TLS1.0
TLS_PSK_NULL_SHA384 0x00, 0xb1 TLS1.0
TLS_RSA_PSK_ARCFOUR_128_SHA1 0x00, 0x92 SSL3.0
TLS_RSA_PSK_3DES_EDE_CBC_SHA1 0x00, 0x93 SSL3.0
TLS_RSA_PSK_AES_128_CBC_SHA1 0x00, 0x94 SSL3.0
TLS_RSA_PSK_AES_256_CBC_SHA1 0x00, 0x95 SSL3.0
TLS_RSA_PSK_CAMELLIA_128_GCM_SHA256 0xc0, 0x92 TLS1.2
TLS_RSA_PSK_CAMELLIA_256_GCM_SHA384 0xc0, 0x93 TLS1.2
TLS_RSA_PSK_AES_128_GCM_SHA256 0x00, 0xac TLS1.2
TLS_RSA_PSK_AES_128_CBC_SHA256 0x00, 0xb6 TLS1.0
TLS_RSA_PSK_NULL_SHA256 0x00, 0xb8 TLS1.0
TLS_RSA_PSK_AES_256_GCM_SHA384 0x00, 0xad TLS1.2
TLS_RSA_PSK_AES_256_CBC_SHA384 0x00, 0xb7 TLS1.0
TLS_RSA_PSK_NULL_SHA384 0x00, 0xb9 TLS1.0
TLS_RSA_PSK_CAMELLIA_128_CBC_SHA256 0xc0, 0x98 TLS1.0
TLS_RSA_PSK_CAMELLIA_256_CBC_SHA384 0xc0, 0x99 TLS1.0
TLS_DHE_PSK_ARCFOUR_128_SHA1 0x00, 0x8e SSL3.0
TLS_DHE_PSK_3DES_EDE_CBC_SHA1 0x00, 0x8f SSL3.0
TLS_DHE_PSK_AES_128_CBC_SHA1 0x00, 0x90 SSL3.0
TLS_DHE_PSK_AES_256_CBC_SHA1 0x00, 0x91 SSL3.0
TLS_DHE_PSK_AES_128_CBC_SHA256 0x00, 0xb2 TLS1.0
TLS_DHE_PSK_AES_128_GCM_SHA256 0x00, 0xaa TLS1.2
TLS_DHE_PSK_NULL_SHA256 0x00, 0xb4 TLS1.0
TLS_DHE_PSK_NULL_SHA384 0x00, 0xb5 TLS1.0
TLS_DHE_PSK_AES_256_CBC_SHA384 0x00, 0xb3 TLS1.0
TLS_DHE_PSK_AES_256_GCM_SHA384 0x00, 0xab TLS1.2
TLS_DHE_PSK_CAMELLIA_128_CBC_SHA256 0xc0, 0x96 TLS1.0
TLS_DHE_PSK_CAMELLIA_256_CBC_SHA384 0xc0, 0x97 TLS1.0
TLS_DHE_PSK_CAMELLIA_128_GCM_SHA256 0xc0, 0x90 TLS1.2
TLS_DHE_PSK_CAMELLIA_256_GCM_SHA384 0xc0, 0x91 TLS1.2
TLS_DH_ANON_ARCFOUR_128_MD5 0x00, 0x18 SSL3.0
TLS_DH_ANON_3DES_EDE_CBC_SHA1 0x00, 0x1b SSL3.0
TLS_DH_ANON_AES_128_CBC_SHA1 0x00, 0x34 SSL3.0
TLS_DH_ANON_AES_256_CBC_SHA1 0x00, 0x3a SSL3.0
TLS_DH_ANON_CAMELLIA_128_CBC_SHA256 0x00, 0xbf TLS1.0
TLS_DH_ANON_CAMELLIA_256_CBC_SHA256 0x00, 0xc5 TLS1.0
TLS_DH_ANON_CAMELLIA_128_CBC_SHA1 0x00, 0x46 SSL3.0
TLS_DH_ANON_CAMELLIA_256_CBC_SHA1 0x00, 0x89 SSL3.0
TLS_DH_ANON_AES_128_CBC_SHA256 0x00, 0x6c TLS1.0
TLS_DH_ANON_AES_256_CBC_SHA256 0x00, 0x6d TLS1.0
TLS_DH_ANON_AES_128_GCM_SHA256 0x00, 0xa6 TLS1.2
TLS_DH_ANON_AES_256_GCM_SHA384 0x00, 0xa7 TLS1.2
TLS_DH_ANON_CAMELLIA_128_GCM_SHA256 0xc0, 0x84 TLS1.2
TLS_DH_ANON_CAMELLIA_256_GCM_SHA384 0xc0, 0x85 TLS1.2
TLS_ECDH_ANON_NULL_SHA1 0xc0, 0x15 SSL3.0
TLS_ECDH_ANON_3DES_EDE_CBC_SHA1 0xc0, 0x17 SSL3.0
TLS_ECDH_ANON_AES_128_CBC_SHA1 0xc0, 0x18 SSL3.0
TLS_ECDH_ANON_AES_256_CBC_SHA1 0xc0, 0x19 SSL3.0
TLS_ECDH_ANON_ARCFOUR_128_SHA1 0xc0, 0x16 SSL3.0
TLS_SRP_SHA_3DES_EDE_CBC_SHA1 0xc0, 0x1a SSL3.0
TLS_SRP_SHA_AES_128_CBC_SHA1 0xc0, 0x1d SSL3.0
TLS_SRP_SHA_AES_256_CBC_SHA1 0xc0, 0x20 SSL3.0
TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 0xc0, 0x1c SSL3.0
TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 0xc0, 0x1b SSL3.0
TLS_SRP_SHA_DSS_AES_128_CBC_SHA1 0xc0, 0x1f SSL3.0
TLS_SRP_SHA_RSA_AES_128_CBC_SHA1 0xc0, 0x1e SSL3.0
TLS_SRP_SHA_DSS_AES_256_CBC_SHA1 0xc0, 0x22 SSL3.0
TLS_SRP_SHA_RSA_AES_256_CBC_SHA1 0xc0, 0x21 SSL3.0
Certificate types: CTYPE-X.509, CTYPE-OPENPGP
Protocols: VERS-SSL3.0, VERS-TLS1.0, VERS-TLS1.1, VERS-TLS1.2, VERS-DTLS0.9, VERS-DTLS1.0, VERS-DTLS1.2
Ciphers: AES-256-CBC, AES-192-CBC, AES-128-CBC, AES-128-GCM, AES-256-GCM, ARCFOUR-128, ESTREAM-SALSA20-256, SALSA20-256, CAMELLIA-256-CBC, CAMELLIA-192-CBC, CAMELLIA-128-CBC, CAMELLIA-128-GCM, CAMELLIA-256-GCM, 3DES-CBC, DES-CBC, ARCFOUR-40, RC2-40
MACs: SHA1, MD5, SHA256, SHA384, SHA512, SHA224, UMAC-96, UMAC-128, AEAD
Digests: SHA1, MD5, SHA256, SHA384, SHA512, SHA224
Key exchange algorithms: ANON-DH, ANON-ECDH, RSA, DHE-RSA, DHE-DSS, ECDHE-RSA, ECDHE-ECDSA, SRP-DSS, SRP-RSA, SRP, PSK, RSA-PSK, DHE-PSK, ECDHE-PSK
Compression: COMP-DEFLATE, COMP-NULL
Elliptic curves: CURVE-SECP192R1, CURVE-SECP224R1, CURVE-SECP256R1, CURVE-SECP384R1, CURVE-SECP521R1
Public Key Systems: RSA, DSA, EC
PK-signatures: SIGN-RSA-SHA1, SIGN-RSA-SHA1, SIGN-RSA-SHA224, SIGN-RSA-SHA256, SIGN-RSA-SHA384, SIGN-RSA-SHA512, SIGN-RSA-RMD160, SIGN-DSA-SHA1, SIGN-DSA-SHA1, SIGN-DSA-SHA224, SIGN-DSA-SHA256, SIGN-RSA-MD5, SIGN-RSA-MD5, SIGN-RSA-MD2, SIGN-ECDSA-SHA1, SIGN-ECDSA-SHA224, SIGN-ECDSA-SHA256, SIGN-ECDSA-SHA384, SIGN-ECDSA-SHA512
```

This is example output, and it changes with GnuTLS releases.
Choose well.

## Configuration

Taskserver supports the `ciphers` configuration setting and Taskwarrior supports `taskd.ciphers` as a means to override the default set.
Loading

0 comments on commit 02fef35

Please sign in to comment.