To be absolutely clear: this only changes the defaults and only means
that people using snmp(1) against appliances with crappy digest/cipher
need to specify the crappy parameters via -a and -x. They will continue
to keep working.
In a similar fashion people using clients that don't support AES or
On 2019/10/28 08:02, Martijn van Duren wrote:
> At the moment we are neither consistent nor really secure in what we
> offer by default for snmp. For snmp(1) we default to MD-5 and DES and
> for snmpd(8) we default to SHA-1 and DES. Both are horrendously out of
> date.
>
> Diff below updates
At the moment we are neither consistent nor really secure in what we
offer by default for snmp. For snmp(1) we default to MD-5 and DES and
for snmpd(8) we default to SHA-1 and DES. Both are horrendously out of
date.
Diff below updates both tools to use SHA-256 and AES by default.
SHA-256 should