WHATSNEW: Celebrate the end of smbdes and the almost-end of in-tree AES

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 3a7e90afee2ed91ca69d156567e925be8a25d5d1..0faf69e030f767c4d47dd4ef4480e4220a2cdc2c 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -27,8 +27,8 @@ we test with in our CI infrastructure.
 (Build time support for the file server with Python 2.6 has not
 changed)
 
-GnuTLS 3.4.7 required
----------------------
+Removing in-tree cryptography: GnuTLS 3.4.7 required
+----------------------------------------------------
 
 Samba is making efforts to remove in-tree cryptographic functionality,
 and to instead rely on externally maintained libraries.  To this end,
@@ -38,6 +38,11 @@ Samba now requires GnuTLS 3.4.7 to be installed (including development
 headers at build time) for all configurations, not just the Samba AD
 DC.
 
+Thanks to this work Samba no longer ships an in-tree DES
+implementation and on GnuTLS 3.6.5 or later Samba will include no
+in-tree cryptography other than the MD4 hash and that
+implemented in our copy of Heimdal.
+
 Using GnuTLS for SMB3 encryption you will notice huge performance and copy
 speed improvements. Tests with the CIFS Kernel client from Linux Kernel 5.3
 show a 3x speed improvement for writing and a 2.5x speed improvement for reads!