The developers of the free server software Samba have released version 4.12. With this release, the team for the first time no longer ships its own implementations of the cryptographic routines that Samba needs in order to run. Instead of its own crypto, the Samba project will in future use GnuTLS as an external dependency for the corresponding functions.
In their announcement, the team explicitly points out that this use of GnuTLS is now a prerequisite for all configurations of Samba and not only for use as an Active Directory Domain Controller (DC).
In addition, the developers have finally stopped distributing an implementation of DES, which has been considered outdated for years. Accordingly, the Kerberos service will no longer work if it is only allowed to use DES. But nobody should be using that anymore. If Samba is used as a DC, DES keys are no longer stored in the database.
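Because Kerberos stops working where only DES is allowed, a check of the client configuration before upgrading is useful. The following is an added example, not code from the Samba project: it assumes an MIT-style `krb5.conf` and MIT krb5 enctype names, and the function name and sample file are constructed for illustration.

```python
import re

# Single-DES enctype names as used by MIT krb5, plus the "des" family alias.
# des3-* (Triple DES) is a different algorithm and is not counted here.
DES_ENCTYPES = {"des", "des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")

# Constructed sample configuration (realm and host names are placeholders).
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.TEST
    default_tkt_enctypes = des-cbc-crc des-cbc-md5
    default_tgs_enctypes = aes256-cts-hmac-sha1-96, des-cbc-md5
    permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
[realms]
    EXAMPLE.TEST = { kdc = dc1.example.test }
"""

def audit_krb5_conf(text):
    """Classify each enctype setting in [libdefaults] as
    'des-only' (breaks without DES), 'includes-des' or 'ok'."""
    findings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key not in ENCTYPE_KEYS:
            continue
        tokens = [t.lower() for t in re.split(r"[,\s]+", value) if t]
        # A leading "-" removes an enctype from the list; "+" adds one.
        enctypes = [t.lstrip("+") for t in tokens if not t.startswith("-")]
        weak = [e for e in enctypes if e in DES_ENCTYPES]
        if weak and len(weak) == len(enctypes):
            findings[key] = "des-only"
        elif weak:
            findings[key] = "includes-des"
        else:
            findings[key] = "ok"
    return findings

if __name__ == "__main__":
    for setting, verdict in audit_krb5_conf(SAMPLE_KRB5_CONF).items():
        print(f"{setting}: {verdict}")
```

A `des-only` result marks a setting that has to gain a stronger enctype before the upgrade; `includes-des` marks one that keeps working but still lists DES.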
According to the announcement, the use of GnuTLS with the SMB3 protocol will lead to a significant increase in performance, which should primarily affect copy operations. Together with the CIFS kernel module from Linux 5.3, write access is said to be three times faster and read access two and a half times faster. Samba now also uses the kernel's io_uring interface, which was introduced with Linux version 5.1, for a VFS module, which should also improve read and write access.
The Samba project also no longer carries its own copy of the zlib library in its code. This allowed the team to stop distributing the old and broken Zip encryption, even though it had not been used. Further changes can be found in the release notes.