diff options
author | Andrew Bartlett <abartlet@samba.org> | 2019-08-26 14:39:40 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-08-27 06:01:50 +0000 |
commit | b406b928242c95d34568a79c10e4b004779da085 (patch) | |
tree | edeacfd8cf8a3b7d60e35640c929cf53df5978b9 /WHATSNEW.txt | |
parent | 2ee1764ca88c882cddcc0a17f7d83950ec709b5d (diff) | |
download | samba-b406b928242c95d34568a79c10e4b004779da085.tar.gz |
WHATSNEW: Document new GnuTLS 3.4.7 requirement
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 27 06:01:50 UTC 2019 on sn-devel-184
Diffstat (limited to 'WHATSNEW.txt')
-rw-r--r-- | WHATSNEW.txt | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 9abc4538125..c3b99dbee80 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -17,6 +17,28 @@ NEW FEATURES/CHANGES ==================== +GnuTLS 3.4.7 required +--------------------- + +Samba is making efforts to remove in-tree cryptographic functionality, +and to instead rely on externally maintained libraries. To this end, +Samba has chosen GnuTLS as our standard cryptographic provider. + +Samba now requires GnuTLS 3.4.7 to be installed (including development +headers at build time) for all configurations, not just the Samba AD +DC. + +NOTE WELL: The use of GnuTLS means that Samba will honour the +system-wide 'FIPS mode' (a reference to the US FIPS-140 cryptographic +standard) and so will not operate in many still common situations if +this system-wide parameter is in effect, as many of our protocols rely +on outdated cryptography. + +A future Samba version will mitigate this to some extent where good +cryptography effectively wraps bad cryptography, but for now that above +applies. + + REMOVED FEATURES ================ |