Hi Owen, Thanks for the report, it is now enabled for the next release of Debian net-snmp
https://salsa.debian.org/debian/net-snmp/-/commit/223b00693e5b68165b060e3f7342c4cc2574ba08 - Craig On Tue, 27 Oct 2020 at 14:31, Craig Small <csm...@debian.org> wrote: > Hi Owen, > > OK, I think I know what happened, I was checking a different branch. No > idea why the build system says it is building with them when it's not. > Your patch is fine, I'll add that in shortly. > > - Craig > > > On Tue, 27 Oct 2020 at 10:18, Craig Small <csm...@debian.org> wrote: > >> On Tue, 27 Oct 2020 at 07:42, Owen Evans <oev...@sciencelogic.com> wrote: >> >>> Package: snmp >>> Version: 5.9+dfsg-3-silo >>> >> This isn't a valid Debian version. >> >> Blumenthal AES, in spite of being a 'draft' part of the SNMP Standard, >>> is becoming widely implemented by many vendors. It is the main way to >>> have strong encryption in connection with SNMPv3. Debian should include >>> the --enable-blumenthal-aes option added around line 53 of debian/rules >>> so that it is used when invoking the ./configure script from the >>> upstream source package. >>> >> Are you sure the Debian packages don't already have this enabled? >> >> Also, that flag doesn't exist in 5.9 of net-snmp >> ./configure --enable-blumenthal-aes >> configure: WARNING: unrecognized options: --enable-blumenthal-aes >> >> The draft standard seems to be all about enabling AES, or as the draft >> states: >> 1)Provide a set of new privacy protocols for USM based on the >> Advanced Encryption Standard. >> >> Output of the build system shows AES is actually there: >> >> Crypto support from: crypto >> Authentication support: MD5 SHA1 SHA224 SHA256 SHA384 SHA512 >> Encryption support: DES AES AES128 AES192 AES192C AES256 AES256C >> >> So I'm a bit confused about what is not enabled and why your configure >> option works. >> The --with-openssl and having openssl 0.9.7 or later will do it. >> >> - Craig >> >>