SSL negotiation protosol in CIFS

John E. Malmberg malmberg at
Wed Aug 22 19:41:16 GMT 2001

On Wed, 22 Aug 2001, Michal Trojnara wrote:

 > Is SSL negotiation a documented protocol extension or just a proprietary
 > feature?  I'd like to add CIFS support to my stunnel program, but I
 > don't want to create a derivative from Samba.

SSL or Secure Sockets Layer is a tunneling protocol.  Any other
protocol can ride inside it.

Unlike a VPN tunnel though, it is not usually transparent to the client
and server.

 > In other words:  Is SSL negotiation a part of open standard or it's
 > restricted to GPL?

Search the WWW for "OpenSSL".  Various government regulations may
restrict who can offer it for download or distribution.

Typically SSL is available for a platform as a shared library and the
program needs to make slightly different "socket" calls to implement.

SAMBA support for SSL depends on it being built against such a library.

> I'll try to make it clear:
> 1. I wasn't able to find an open specification for SSL negotiation in CIFS.

AFAIK: Only SAMBA supports the SMB protocol over SSL.

> 2. I'd like to add CIFS negotiation to my software
> (

> 3. I'm not able to study samba code without accepting GPL license.
>    (nothing else grants me permission to do that)

That's right.  The GPL allows you to study code.

> 4. Accepting GPL license will make my implementation derived from samba.
>    (based on samba)

Only if you copy it.  If you study the algorithms and program flow, but
then create an entirely different implementation, then you do not have
a derivative work.  A different implementation though, is not simply
renaming symbols or moving things around.

> 5. Code derived from GPL has to be GPL (2b section of the licese).

Only derived code.  A new algorithm developed from studying an old
algorithm is not a derivation.

Personal Opinion Only

More information about the samba-technical mailing list