[Pkg-samba-maint] Bug#975882: samba-common-bin: smb.conf testparm: Weak crypto is allowed

Yves-Alexis Perez corsac at debian.org
Thu Nov 11 09:12:00 GMT 2021



On Thu, 26 Nov 2020 20:55:15 +0800 Paul Wise <pabs at debian.org> wrote:
> On Thu, 2020-11-26 at 21:57 +1300, Andrew Bartlett wrote:
> 
> > No, this is just a reflection of what mode GnuTLS is set to on your
> > system.
> 
> Hmm, I haven't customised the GnuTLS config, so does that mean that
> Debian GnuTLS still allows some weak crypto? Should this be reassigned?
> 
Since I had the same message, I found this bug and the upstream bug, and dug a
bit. And indeed, it seems totally unrelated to the samba configuration:

https://sources.debian.org/src/samba/2:4.13.14+dfsg-1/source3/utils/testparm.c/#L763
https://sources.debian.org/src/samba/2:4.13.14+dfsg-1/lib/crypto/gnutls_weak_crypto.c/?hl=24#L24

testparm will report weak crypto as long as gnutls allows RC4 to be
initialized (even if for example smb.conf disables NTLM auth or something).

I have to admit I think this warning is poorly worded, even with the manpage
patch.

Regards,
-- 
Yves-Alexis
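Added example (not part of the original message and not Samba's code): a Python ctypes probe of the condition described above, namely whether the system GnuTLS lets RC4 be initialized, independent of anything in smb.conf. The two numeric constants are taken from gnutls/gnutls.h; the names `classify` and `probe_rc4` and the all-zero key are constructed for illustration.

```python
import ctypes
import ctypes.util

# Values from GnuTLS's public header gnutls/gnutls.h.
GNUTLS_CIPHER_ARCFOUR_128 = 2
GNUTLS_E_UNWANTED_ALGORITHM = -22


class Datum(ctypes.Structure):
    """Mirror of gnutls_datum_t: a byte pointer plus a length."""
    _fields_ = [("data", ctypes.POINTER(ctypes.c_ubyte)),
                ("size", ctypes.c_uint)]


def classify(rc):
    """Map a gnutls_cipher_init() return code to a verdict."""
    if rc == 0:
        return "allowed"
    if rc == GNUTLS_E_UNWANTED_ALGORITHM:
        return "blocked"
    return "error"


def probe_rc4():
    """Try to initialise RC4 in the system GnuTLS; None if no library."""
    path = ctypes.util.find_library("gnutls")
    if path is None:
        return None
    try:
        lib = ctypes.CDLL(path)
    except OSError:
        return None
    init = lib.gnutls_cipher_init
    init.restype = ctypes.c_int
    init.argtypes = [ctypes.POINTER(ctypes.c_void_p), ctypes.c_int,
                     ctypes.POINTER(Datum), ctypes.POINTER(Datum)]
    lib.gnutls_cipher_deinit.restype = None
    lib.gnutls_cipher_deinit.argtypes = [ctypes.c_void_p]

    key_bytes = (ctypes.c_ubyte * 16)()   # constructed all-zero dummy key
    key = Datum(ctypes.cast(key_bytes, ctypes.POINTER(ctypes.c_ubyte)), 16)
    handle = ctypes.c_void_p()
    rc = init(ctypes.byref(handle), GNUTLS_CIPHER_ARCFOUR_128,
              ctypes.byref(key), None)    # RC4 is a stream cipher: no IV
    if rc == 0:
        lib.gnutls_cipher_deinit(handle)  # release the handle we just made
    return classify(rc)


if __name__ == "__main__":
    print("RC4 in system GnuTLS:", probe_rc4())
```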
