On Thu, 2020-11-26 at 20:55 +0800, Paul Wise wrote: > On Thu, 2020-11-26 at 21:57 +1300, Andrew Bartlett wrote: > > > No, this is just a reflection of what mode GnuTLS is set to on your > > system. > > Hmm, I haven't customised the GnuTLS config, so does that mean that > Debian GnuTLS still allows some weak crypto? Should this be > reassigned?
It all really depends on if you feel like breaking Samba or not. Weak crypto makes the world go round. The alternative is FIPS mode. If you enjoy that straight-jacket then enabled FIPS mode in GnuTLS and some Samba things won't work. A fair bit actually. What should come of this bug is that the testparm output and associated documentation needs to be much more verbose as to what this means, and what the alternative would mean for a interoperable installation. (And that needs to be an upstream bug and discussion really). Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
