Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SHA256 and AES256 security levels for SNMP polling #3787

Closed
mikygee opened this issue Sep 2, 2020 · 4 comments
Closed

Add SHA256 and AES256 security levels for SNMP polling #3787

mikygee opened this issue Sep 2, 2020 · 4 comments
Labels
enhancement General tag for an enhancement resolved A fixed issue snmp Issue related to SNMP data collection
Milestone
v1.2.19

Comments

@mikygee
Copy link

mikygee commented Sep 2, 2020
edited
Loading

Hello,
At the moment only SHA128 and AES128 are supported.
Many devices now support AES256 and SHA256, they should be also used.
Regards

Additional informations
http://www.net-snmp.org/wiki/index.php/Strong_Authentication_or_Encryption
@mikygee mikygee added the enhancement General tag for an enhancement label Sep 2, 2020
@mikygee mikygee mentioned this issue Sep 2, 2020
Merged
@netniV
Copy link
Member

netniV commented Sep 3, 2020

Unfortunately, this is one where as much as we really want this ourselves, we are reliant on the libraries out there and I don't believe that NetSNMP fully support it last I heard. @cigamit or @TheWitness may correct me on that as they follow them a lot better than I do.

@bmfmancini
Copy link
Member

@netniV

Actually I think as of 5.8 it does

Question: Authentication

Does it support anything stronger than SHA1?
Answer

Yes. Net-SNMP 5.8 and later support all the authentication protocols defined in [RFC7860|https://tools.ietf.org/html/rfc7860], w hich are:

SHA-192
SHA-256
SHA-284
SHA-512

Question: Encryption

Does Net-SNMP support AES192 or AES256?
Answer

The short answer is Yes, starting with release 5.8 AES193 and AES256 are an optional configure option.

There are two separate parts to the long answer:

source:http://www.net-snmp.org/wiki/index.php/Strong_Authentication_or_Encryption

@TheWitness
Copy link
Member

Yea, it's supported in the SNMP library for now. We were holding off on this till 1.3. Been really busy though. It's a small project, but involves both Cacti and Spine.

@netniV netniV added this to the v1.3.0 milestone Sep 11, 2020
@TheWitness
Copy link
Member

Interesting that there is a full php implementation of SNMP that covers this, which is pretty cool.

#3818

@TheWitness TheWitness changed the title [Feature Request] add SHA256 and AES256 for snmp polling Add SHA256 and AES256 for snmp polling Jan 4, 2021
@TheWitness TheWitness added the snmp Issue related to SNMP data collection label Jan 4, 2021
@TheWitness TheWitness modified the milestones: v1.3.0, 1.2.19 Sep 8, 2021
TheWitness added a commit that referenced this issue Sep 8, 2021
@TheWitness
Fixing Issue #3787 - AES256/SHA256 Support
b69f1ee 
* Add SHA256 and AES256 for snmp polling
* This is also added to spine
@TheWitness TheWitness added the resolved A fixed issue label Oct 2, 2021
@netniV netniV changed the title Add SHA256 and AES256 for snmp polling Add SHA256 and AES256 security levels for SNMP polling Oct 3, 2021
@github-actions github-actions bot locked and limited conversation to collaborators Jan 2, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement General tag for an enhancement resolved A fixed issue snmp Issue related to SNMP data collection
Projects
None yet
Milestone
v1.2.19
Development

No branches or pull requests
4 participants
@TheWitness @mikygee @netniV @bmfmancini