mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
WHATSNEW: Document new GnuTLS 3.4.7 requirement
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 27 06:01:50 UTC 2019 on sn-devel-184
This commit is contained in:
Andrew Bartlett
parent
2ee1764ca8
commit
b406b92824
22
WHATSNEW.txt
22
WHATSNEW.txt
@ -17,6 +17,28 @@ NEW FEATURES/CHANGES
|
||||
====================
|
||||
|
||||
|
||||
GnuTLS 3.4.7 required
|
||||
---------------------
|
||||
|
||||
Samba is making efforts to remove in-tree cryptographic functionality,
|
||||
and to instead rely on externally maintained libraries. To this end,
|
||||
Samba has chosen GnuTLS as our standard cryptographic provider.
|
||||
|
||||
Samba now requires GnuTLS 3.4.7 to be installed (including development
|
||||
headers at build time) for all configurations, not just the Samba AD
|
||||
DC.
|
||||
|
||||
NOTE WELL: The use of GnuTLS means that Samba will honour the
|
||||
system-wide 'FIPS mode' (a reference to the US FIPS-140 cryptographic
|
||||
standard) and so will not operate in many still common situations if
|
||||
this system-wide parameter is in effect, as many of our protocols rely
|
||||
on outdated cryptography.
|
||||
|
||||
A future Samba version will mitigate this to some extent where good
|
||||
cryptography effectively wraps bad cryptography, but for now that above
|
||||
applies.
|
||||
|
||||
|
||||
REMOVED FEATURES
|
||||
================
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user