[Pkg-samba-maint] Bug#975882: samba-common-bin: smb.conf testparm: Weak crypto is allowed
Andrew Bartlett
abartlet at samba.org
Thu Nov 26 17:45:42 GMT 2020
On Thu, 2020-11-26 at 20:55 +0800, Paul Wise wrote:
> On Thu, 2020-11-26 at 21:57 +1300, Andrew Bartlett wrote:
>
> > No, this is just a reflection of what mode GnuTLS is set to on your
> > system.
>
> Hmm, I haven't customised the GnuTLS config, so does that mean that
> Debian GnuTLS still allows some weak crypto? Should this be
> reassigned?
It all really depends on if you feel like breaking Samba or not. Weak
crypto makes the world go round.
The alternative is FIPS mode. If you enjoy that straight-jacket then
enabled FIPS mode in GnuTLS and some Samba things won't work. A fair
bit actually.
What should come of this bug is that the testparm output and associated
documentation needs to be much more verbose as to what this means, and
what the alternative would mean for a interoperable installation.
(And that needs to be an upstream bug and discussion really).
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
More information about the Pkg-samba-maint
mailing list