Bug 14912 - A schannel client incorrectly detects a downgrade connecting to an AES only server
Summary: A schannel client incorrectly detects a downgrade connecting to an AES only s...
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools (show other bugs)
Version: 4.15.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-11-18 13:40 UTC by Andreas Schneider
Modified: 2021-12-08 14:58 UTC (History)
3 users (show)

See Also:

Attachments
patch for 4.15 (4.50 KB, patch)
2021-12-02 15:10 UTC, Andreas Schneider 		asn: review? (gd)
metze: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Schneider 2021-11-18 13:40:59 UTC 
Currently rpclient incorrectly detects a schannel downgrade if we connect to a server in FIPS mode which only offers AES.

Patch will follow.
Comment 1 Samba QA Contact 2021-12-02 14:55:16 UTC 
This bug was referenced in samba master:

d1ea9c5aaba42447f25a15935a9bf5bbd20f7d93
Comment 2 Andreas Schneider 2021-12-02 15:10:22 UTC 
Created attachment 17040 [details]
patch for 4.15
Comment 3 Andreas Schneider 2021-12-02 15:10:56 UTC 
This requires the patch from https://bugzilla.samba.org/show_bug.cgi?id=14767 to be applied first!
Comment 4 Stefan Metzmacher 2021-12-08 09:36:52 UTC 
Pushed to autobuild-v4-15-test
Comment 5 Samba QA Contact 2021-12-08 10:55:25 UTC 
This bug was referenced in samba v4-15-test:

18c7681358775b079d95cc44c4146b715ffb54cd
Comment 6 Jule Anger 2021-12-08 13:36:41 UTC 
Closing out bug report.

Thanks!
Comment 7 Samba QA Contact 2021-12-08 14:58:09 UTC 
This bug was referenced in samba v4-15-stable (Release samba-4.15.3):

18c7681358775b079d95cc44c4146b715ffb54cd