Page MenuHomeFreeBSD

Remove support for DES and Triple DES from OCF.
ClosedPublic

Authored by jhb on May 8 2020, 6:45 PM.

Details

Summary

It no longer has any in-kernel consumers via OCF. smbfs still uses
single DES directly, so sys/crypto/des remains for that use case.

Test Plan
  • make tinderbox

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

jhb requested review of this revision.May 8 2020, 6:45 PM

It feels like this is a strong signal we should kill netsmb, or at least disable its build. Windows is (happily) increasingly unwilling to serve SMB1 and our smbfs does not support anything else.

This revision is now accepted and ready to land.May 9 2020, 2:46 PM
In D24773#545252, @cem wrote:

It feels like this is a strong signal we should kill netsmb, or at least disable its build. Windows is (happily) increasingly unwilling to serve SMB1 and our smbfs does not support anything else.

Certainly seems like it. Hopefully someone (tm) can write a mailing list post with the deprecation plan and transition guide.

In D24773#545252, @cem wrote:

It feels like this is a strong signal we should kill netsmb, or at least disable its build. Windows is (happily) increasingly unwilling to serve SMB1 and our smbfs does not support anything else.

Certainly seems like it. Hopefully someone (tm) can write a mailing list post with the deprecation plan and transition guide.

There is no transition guide and I'm sure Microsoft has been publishing a deprecation guide on SMB1 for a decade. SMB1 is just very dead and we don't have any SMB2+ support. Users could try fusefs-netsmbfs but I have no idea how well it works.

https://techcommunity.microsoft.com/t5/storage-at-microsoft/stop-using-smb1/ba-p/425858

In D24773#545294, @cem wrote:

There is no transition guide and I'm sure Microsoft has been publishing a deprecation guide on SMB1 for a decade. SMB1 is just very dead and we don't have any SMB2+ support. Users could try fusefs-netsmbfs but I have no idea how well it works.

https://techcommunity.microsoft.com/t5/storage-at-microsoft/stop-using-smb1/ba-p/425858

That's what I mean, sorry for being terse - a transition guide for FreeBSD users who need to interact with Microsoft servers; hopefully that fuse project works. Anyway this (transition guide) is something that I hope happens, but I definitely don't see it as a requirement; SMB1 is absolutely dead either way.

Could we at least kill the crypto bits in SMBFS or are they integral to any functional use? Sadly, the Cambridge folks still use smbfs instead of nfs to talk to test instances via qemu (not sure why they don't use NFS, and they'd really like 9pfs instead or virtio-fs).

Another one is that some netgraph node still uses RC4, albeit under an option.

This revision was automatically updated to reflect the committed changes.