Commit 788849b6 authored by Chuck Lever's avatar Chuck Lever

SUNRPC: Remove RPCSEC_GSS_KRB5_ENCTYPES_DES



Make it impossible to enable support for the DES or DES3 Kerberos
encryption types in SunRPC. These enctypes were deprecated by RFCs
6649 and 8429 because they are known to be insecure.

Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
parent 1d3dd1d5
+0 −1
@@ -23,7 +23,6 @@ CONFIG_NFS_FS=y
CONFIG_SUNRPC=y
CONFIG_SUNRPC_GSS=y
CONFIG_RPCSEC_GSS_KRB5=y
CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_DES=y
CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1=y
CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA=y
CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2=y
+0 −28
@@ -34,38 +34,10 @@ config RPCSEC_GSS_KRB5

	  If unsure, say Y.

config RPCSEC_GSS_KRB5_SIMPLIFIED
	bool
	depends on RPCSEC_GSS_KRB5

config RPCSEC_GSS_KRB5_CRYPTOSYSTEM
	bool
	depends on RPCSEC_GSS_KRB5

config RPCSEC_GSS_KRB5_ENCTYPES_DES
	bool "Enable Kerberos enctypes based on DES (deprecated)"
	depends on RPCSEC_GSS_KRB5
	depends on CRYPTO_CBC && CRYPTO_CTS && CRYPTO_ECB
	depends on CRYPTO_HMAC && CRYPTO_MD5 && CRYPTO_SHA1
	depends on CRYPTO_DES
	default n
	select RPCSEC_GSS_KRB5_SIMPLIFIED
	help
	  Choose Y to enable the use of deprecated Kerberos 5
	  encryption types that utilize Data Encryption Standard
	  (DES) based ciphers. These include des-cbc-md5,
	  des-cbc-crc, and des-cbc-md4, which were deprecated by
	  RFC 6649, and des3-cbc-sha1, which was deprecated by RFC
	  8429.

	  These encryption types are known to be insecure, therefore
	  the default setting of this option is N. Support for these
	  encryption types is available only for compatibility with
	  legacy NFS client and server implementations.

	  Removal of support is planned for a subsequent kernel
	  release.

config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1
	bool "Enable Kerberos enctypes based on AES and SHA-1"
	depends on RPCSEC_GSS_KRB5