It no longer has any in-kernel consumers via OCF. smbfs still uses
single DES directly, so sys/crypto/des remains for that use case.
Details
- Reviewers
cem jmg - Group Reviewers
manpages - Commits
- rS360933: Remove support for DES and Triple DES from OCF.
- make tinderbox
Diff Detail
- Repository
- rS FreeBSD src repository - subversion
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
It feels like this is a strong signal we should kill netsmb, or at least disable its build. Windows is (happily) increasingly unwilling to serve SMB1 and our smbfs does not support anything else.
Certainly seems like it. Hopefully someone (tm) can write a mailing list post with the deprecation plan and transition guide.
There is no transition guide and I'm sure Microsoft has been publishing a deprecation guide on SMB1 for a decade. SMB1 is just very dead and we don't have any SMB2+ support. Users could try fusefs-netsmbfs but I have no idea how well it works.
https://techcommunity.microsoft.com/t5/storage-at-microsoft/stop-using-smb1/ba-p/425858
That's what I mean, sorry for being terse - a transition guide for FreeBSD users who need to interact with Microsoft servers; hopefully that fuse project works. Anyway this (transition guide) is something that I hope happens, but I definitely don't see it as a requirement; SMB1 is absolutely dead either way.
Could we at least kill the crypto bits in SMBFS or are they integral to any functional use? Sadly, the Cambridge folks still use smbfs instead of nfs to talk to test instances via qemu (not sure why they don't use NFS, and they'd really like 9pfs instead or virtio-fs).
Another one is that some netgraph node still uses RC4, albeit under an option.