On Tue, 27 Oct 2020 at 07:42, Owen Evans <oev...@sciencelogic.com> wrote:
> Package: snmp > Version: 5.9+dfsg-3-silo > This isn't a valid Debian version. Blumenthal AES, in spite of being a 'draft' part of the SNMP Standard, > is becoming widely implemented by many vendors. It is the main way to > have strong encryption in connection with SNMPv3. Debian should include > the --enable-blumenthal-aes option added around line 53 of debian/rules > so that it is used when invoking the ./configure script from the > upstream source package. > Are you sure the Debian packages don't already have this enabled? Also, that flag doesn't exist in 5.9 of net-snmp ./configure --enable-blumenthal-aes configure: WARNING: unrecognized options: --enable-blumenthal-aes The draft standard seems to be all about enabling AES, or as the draft states: 1)Provide a set of new privacy protocols for USM based on the Advanced Encryption Standard. Output of the build system shows AES is actually there: Crypto support from: crypto Authentication support: MD5 SHA1 SHA224 SHA256 SHA384 SHA512 Encryption support: DES AES AES128 AES192 AES192C AES256 AES256C So I'm a bit confused about what is not enabled and why your configure option works. The --with-openssl and having openssl 0.9.7 or later will do it. - Craig