2

There's lots of "SMB is bad" parrotting online, and whenever I look closely, these claims are either unsubstantiated, or apply to unpached or misconfigured Windows servers or old versions of the SMB protocol.

If I put stuff like this in my smb.conf

server min protocol = SMB3
smb encrypt = required
tls cafile = /letsencrypt/chain.pem
tls certfile = /letsencrypt/cert.pem
tls keyfile = /letsencrypt/key.pem

am I still in trouble?

Notably, Microsoft's own Azure Cloud ostensibly offers Internet facing SMB3 shares. So there must be a way to secure them, right? One thing that still worries me is that I've never seen Windows Explorer complain about self signed certificates.

Ansis Māliņš
  • 643
  • 1
  • 5
  • 6

0 Answers0