[Samba] NT_STATUS_DOWNGRADE_DETECTED
Rowland Penny
rpenny at samba.org
Tue May 2 10:27:42 UTC 2023
On 02/05/2023 11:15, Anantha Raghava via samba wrote:
> Hello Rowloand,
>
> Thanks for quick response.
>
> Yes, we are a bank.
>
> Unfortunately, we have no choice but to allow insecure methods and lower
> version of TLS since there are many applications that still do not
> support the secure methods. Even if we enable, secure methods,
> applications fail to authenticate and start throwing many errors. AD
> alone enabling secure methods while the other applications still lag
> behind creates a havoc. VCenter integration is one such example, which
> still uses HMAC-MD5. Switching them to AES is a herculean task and many
> missiles will also fly ;) .
Lets put it this way, I am glad that I do not bank with you :-)
I would have thought that a bank would be a bit more proactive, but then
I found that my credit card company accepts my voice as a 2fa this
morning, using a very predictable phrase.
>
> Is there any quick workaround to get the work going while we get the
> application vendors to upgrade themselves?
I personally know little more than what is in the link that I referred
you to, perhaps someone else knows more
Rowland
More information about the samba
mailing list