ban weak cryptographic algorithms from SNMP configuration
What does this MR do and why?
Considering cryptography weaknesses, this MR prevents SNMP from using MD5 and DES to provide authentication and privacy, respectively.
Note: if possible, SHA-1 should also be removed. However, some SNMP implementations do not support SHA256 yet.
- https://csrc.nist.gov/news/2022/nist-transitioning-away-from-sha-1-for-all-apps
- https://cyber.gouv.fr/sites/default/files/2021/03/anssi-guide-selection_crypto-1.0.pdf
rationale
- well-known MD5 vulnerabilities: https://en.wikipedia.org/wiki/MD5
- recommendation for AES and SHA256: https://cyber.gouv.fr/sites/default/files/2021/03/anssi-guide-selection_crypto-1.0.pdf
- DES has been withdrawn as a standard by the NIST: https://csrc.nist.gov/files/pubs/fips/46/final/docs/nbs.fips.46.pdf
Closes #937 (closed)
Edited by Pierrick Seite