The branch, master has been updated via 5c27740aeff docs-xml: Add a section about weak crypto in testparm manpage from 4142bde7e52 s4: rename source4/smbd/ to source4/samba/
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 5c27740aeff273bcd5f027d36874e56170234146 Author: Andreas Schneider <a...@samba.org> Date: Fri Nov 27 11:22:15 2020 +0100 docs-xml: Add a section about weak crypto in testparm manpage BUG: https://bugzilla.samba.org/show_bug.cgi?id=14583 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Alexander Bokovoy <a...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Fri Nov 27 13:48:20 UTC 2020 on sn-devel-184 ----------------------------------------------------------------------- Summary of changes: docs-xml/manpages/testparm.1.xml | 9 +++++++++ 1 file changed, 9 insertions(+) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/testparm.1.xml b/docs-xml/manpages/testparm.1.xml index 9099cda010f..7c7abf50e8b 100644 --- a/docs-xml/manpages/testparm.1.xml +++ b/docs-xml/manpages/testparm.1.xml @@ -171,6 +171,15 @@ errors and warnings if the file did not load. If the file was loaded OK, the program then dumps all known service details to stdout. </para> + + <para>For certain use cases, SMB protocol requires use of + cryptographic algorithms which are known to be weak and already + broken. DES and ARCFOUR (RC4) ciphers and the SHA1 and MD5 hash + algorithms are considered weak but they are required for backward + compatibility. The testparm utility shows whether the Samba tools + will fall back to these weak crypto algorithms if it is not possible + to use strong cryptography by default. + In FIPS mode weak crypto cannot be enabled.</para> </refsect1> -- Samba Shared Repository