[PATCH] Crypto use in Samba (was: Re: SMB3 encryption performance)
Volker Lendecke
Volker.Lendecke at SerNet.DE
Tue Feb 17 07:18:56 MST 2015
On Tue, Feb 17, 2015 at 09:09:37AM -0500, Simo wrote:
> On Tue, 2015-02-17 at 09:14 +0100, Volker Lendecke wrote:
> > On Tue, Feb 17, 2015 at 11:56:01AM +1300, Andrew Bartlett wrote:
> > > The latest unreleased version of GnuTLS seems to provide it. Also, the
> > > latest protocol version seems to use the GCM mode.
> >
> > It will take a couple of years before this trickles into the relevant
> > distros. I think we need to drop GnuTLS then and look for something
> > else. OpenSSL seems impossible because I don't think we can change our
> > license. Another one that advertises HW support is libgcrypt then. Or
> > for this special use case we might grow something on our own? This can't
> > be rocket science.
>
> Crypto is harder than rocket science, please let's not try to do our
> own.
> libgcrypt is also an option, but I wouldn't discard using OpenSSL, even
> if it requires us to add an exception to the license. I do not think it
> would be too hard. We changed license on parts of samba before, this is
> not different.
Ok, I believe then we should postpone this whole effort to the point
when Debian and RHEL by default ship GnuTLS versions that do all we need.
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
More information about the samba-technical
mailing list