There's lots of "SMB is bad" parroting online, and whenever I look closely, these claims are either unsubstantiated, or apply to unpatched or misconfigured Windows servers or old versions of the SMB protocol.
If I put stuff like this in my smb.conf:

    server min protocol = SMB3
    smb encrypt = required
    tls cafile = /letsencrypt/chain.pem
    tls certfile = /letsencrypt/cert.pem
    tls keyfile = /letsencrypt/key.pem

am I still in trouble?
Notably, Microsoft's own Azure Cloud ostensibly offers Internet-facing SMB3 shares. So there must be a way to secure them, right? One thing that still worries me is that I've never seen Windows Explorer complain about self-signed certificates.