[Pkg-net-snmp-devel] Bug#972985: Bug#972985: snmp: Blumenthal AES encryption should be enabled by default
Craig Small
csmall at debian.org
Mon Oct 26 23:18:56 GMT 2020
On Tue, 27 Oct 2020 at 07:42, Owen Evans <oevans at sciencelogic.com> wrote:
> Package: snmp
> Version: 5.9+dfsg-3-silo
>
This isn't a valid Debian version.
Blumenthal AES, in spite of being a 'draft' part of the SNMP Standard,
> is becoming widely implemented by many vendors. It is the main way to
> have strong encryption in connection with SNMPv3. Debian should include
> the --enable-blumenthal-aes option added around line 53 of debian/rules
> so that it is used when invoking the ./configure script from the
> upstream source package.
>
Are you sure the Debian packages don't already have this enabled?
Also, that flag doesn't exist in 5.9 of net-snmp
./configure --enable-blumenthal-aes
configure: WARNING: unrecognized options: --enable-blumenthal-aes
The draft standard seems to be all about enabling AES, or as the draft
states:
1)Provide a set of new privacy protocols for USM based on the
Advanced Encryption Standard.
Output of the build system shows AES is actually there:
Crypto support from: crypto
Authentication support: MD5 SHA1 SHA224 SHA256 SHA384 SHA512
Encryption support: DES AES AES128 AES192 AES192C AES256 AES256C
So I'm a bit confused about what is not enabled and why your configure
option works.
The --with-openssl and having openssl 0.9.7 or later will do it.
- Craig
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-net-snmp-devel/attachments/20201027/124782ed/attachment.html>
More information about the Pkg-net-snmp-devel
mailing list