[PATCH] Crypto use in Samba (was: Re: SMB3 encryption performance)

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Feb 17 07:45:14 MST 2015

On Tue, Feb 17, 2015 at 09:36:25AM -0500, Michael Ledford wrote:
> > Ok, I believe then we should postpone this whole effort to the point
> > when Debian and RHEL by default ship GnuTLS versions that do all we need.
> That's a shame.

Well, so is the state of crypto libraries in Unix it seems.  Nothing that
we can change. OpenSSL is screwed due to the License issue, GnuTLS is
not up to par feature-wise, and I don't want to go down the path of some
obscure library that we get dissed over in Debian again. Happened to us
with iniparser, won't go there again.

> It looks like GnuTLS is aiming for a march release of 3.4

This means we have to wait for RHEL8 and Debian next until we can
reasonably make use of this in the field, in case both happen to pick
it up in time.

> <http://nmav.gnutls.org/2014/12/a-quick-overview-of-gnutls-development.html>
> which as Andrew pointed out, thank you for looking I totally missed
> it, does have the support needed.
> Is there anything that could be done to move this forward in the meantime?

Even if we don't ship anything in Samba upstream because we can't afford
to do crypto on our own, I would be happy to review/test/host appropriate
patches somewhere external for interested OEMs and people who can
compile Samba on their own.


SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

More information about the samba-technical mailing list