Bug 14912 - A schannel client incorrectly detects a downgrade connecting to an AES only server
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools
Version: 4.15.0
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
Reported: 2021-11-18 13:40 UTC by Andreas Schneider
Modified: 2021-12-08 14:58 UTC

Attachments
patch for 4.15 (4.50 KB, patch)
2021-12-02 15:10 UTC, Andreas Schneider
asn: review? (gd)
metze: review+

Description Andreas Schneider 2021-11-18 13:40:59 UTC
Currently rpclient incorrectly detects a schannel downgrade if we connect to a server in FIPS mode which only offers AES.

Patch will follow.
Comment 1 Samba QA Contact 2021-12-02 14:55:16 UTC
This bug was referenced in samba master:

d1ea9c5aaba42447f25a15935a9bf5bbd20f7d93
Comment 2 Andreas Schneider 2021-12-02 15:10:22 UTC
Created attachment 17040
patch for 4.15
Comment 3 Andreas Schneider 2021-12-02 15:10:56 UTC
This requires the patch from https://bugzilla.samba.org/show_bug.cgi?id=14767 to be applied first!
Comment 4 Stefan Metzmacher 2021-12-08 09:36:52 UTC
Pushed to autobuild-v4-15-test
Comment 5 Samba QA Contact 2021-12-08 10:55:25 UTC
This bug was referenced in samba v4-15-test:

18c7681358775b079d95cc44c4146b715ffb54cd
Comment 6 Jule Anger 2021-12-08 13:36:41 UTC
Closing out bug report.

Thanks!
Comment 7 Samba QA Contact 2021-12-08 14:58:09 UTC
This bug was referenced in samba v4-15-stable (Release samba-4.15.3):

18c7681358775b079d95cc44c4146b715ffb54cd