docs-xml: Add a section about weak crypto in testparm manpage

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14583 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Nov 27 13:48:20 UTC 2020 on sn-devel-184
author: Andreas Schneider <asn@samba.org> 2020-11-27 11:22:15 +0100
committer: Andreas Schneider <asn@cryptomilk.org> 2020-11-27 13:48:19 +0000
commit: 5c27740aeff273bcd5f027d36874e56170234146 (patch)
tree: 8d4ddccfe7eca6dc8bbeef6098ae4d41868b9e57 /docs-xml
parent: 4142bde7e524e9d5a491b2ff1afa4990e2c89a10 (diff)
download: samba-5c27740aeff273bcd5f027d36874e56170234146.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/docs-xml/manpages/testparm.1.xml b/docs-xml/manpages/testparm.1.xml
index 9099cda010f..7c7abf50e8b 100644
--- a/docs-xml/manpages/testparm.1.xml
+++ b/docs-xml/manpages/testparm.1.xml
@@ -171,6 +171,15 @@
 	errors and warnings if the file did not load. If the file was 
 	loaded OK, the program then dumps all known service details 
 	to stdout. </para>
+
+	<para>For certain use cases, SMB protocol requires use of
+	cryptographic algorithms which are known to be weak and already
+	broken. DES and ARCFOUR (RC4) ciphers and the SHA1 and MD5 hash
+	algorithms are considered weak but they are required for backward
+	compatibility. The testparm utility shows whether the Samba tools
+	will fall back to these weak crypto algorithms if it is not possible
+	to use strong cryptography by default.
+	In FIPS mode weak crypto cannot be enabled.</para>
 </refsect1>
author	Andreas Schneider <asn@samba.org>	2020-11-27 11:22:15 +0100
committer	Andreas Schneider <asn@cryptomilk.org>	2020-11-27 13:48:19 +0000
commit	5c27740aeff273bcd5f027d36874e56170234146 (patch)
tree	8d4ddccfe7eca6dc8bbeef6098ae4d41868b9e57 /docs-xml
parent	4142bde7e524e9d5a491b2ff1afa4990e2c89a10 (diff)
download	samba-5c27740aeff273bcd5f027d36874e56170234146.tar.gz