[PATCH] Crypto use in Samba (was: Re: SMB3 encryption performance)

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Feb 17 07:18:56 MST 2015

On Tue, Feb 17, 2015 at 09:09:37AM -0500, Simo wrote:
> On Tue, 2015-02-17 at 09:14 +0100, Volker Lendecke wrote:
> > On Tue, Feb 17, 2015 at 11:56:01AM +1300, Andrew Bartlett wrote:
> > > The latest unreleased version of GnuTLS seems to provide it.  Also, the
> > > latest protocol version seems to use the GCM mode. 
> > 
> > It will take a couple of years before this trickles into the relevant
> > distros. I think we need to drop GnuTLS then and look for something
> > else. OpenSSL seems impossible because I don't think we can change our
> > license. Another one that advertises HW support is libgcrypt then. Or
> > for this special use case we might grow something on our own? This can't
> > be rocket science.
> Crypto is harder than rocket science, please let's not try to do our
> own.
> libgcrypt is also an option, but I wouldn't discard using OpenSSL, even
> if it requires us to add an exception to the license. I do not think it
> would be too hard. We changed license on parts of samba before, this is
> not different.

Ok, I believe then we should postpone this whole effort to the point
when Debian and RHEL by default ship GnuTLS versions that do all we need.


SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

More information about the samba-technical mailing list