The branch, master has been updated
via 5c27740aeff docs-xml: Add a section about weak crypto in testparm
manpage
from 4142bde7e52 s4: rename source4/smbd/ to source4/samba/
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5c27740aeff273bcd5f027d36874e56170234146
Author: Andreas Schneider <a...@samba.org>
Date: Fri Nov 27 11:22:15 2020 +0100
docs-xml: Add a section about weak crypto in testparm manpage
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14583
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Alexander Bokovoy <a...@samba.org>
Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
Autobuild-Date(master): Fri Nov 27 13:48:20 UTC 2020 on sn-devel-184
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/testparm.1.xml | 9 +++++++++
1 file changed, 9 insertions(+)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/testparm.1.xml b/docs-xml/manpages/testparm.1.xml
index 9099cda010f..7c7abf50e8b 100644
--- a/docs-xml/manpages/testparm.1.xml
+++ b/docs-xml/manpages/testparm.1.xml
@@ -171,6 +171,15 @@
errors and warnings if the file did not load. If the file was
loaded OK, the program then dumps all known service details
to stdout. </para>
+
+ <para>For certain use cases, SMB protocol requires use of
+ cryptographic algorithms which are known to be weak and already
+ broken. DES and ARCFOUR (RC4) ciphers and the SHA1 and MD5 hash
+ algorithms are considered weak but they are required for backward
+ compatibility. The testparm utility shows whether the Samba tools
+ will fall back to these weak crypto algorithms if it is not possible
+ to use strong cryptography by default.
+ In FIPS mode weak crypto cannot be enabled.</para>
</refsect1>
--
Samba Shared Repository
