docs-xml: Add a section about weak crypto in testparm manpage

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14583

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Nov 27 13:48:20 UTC 2020 on sn-devel-184

diff --git a/docs-xml/manpages/testparm.1.xml b/docs-xml/manpages/testparm.1.xml
index 9099cda010fc10a5b6cda62e8fc8347fd444b12b..7c7abf50e8b87e4e879058b17a211e486535f9fa 100644 (file)
--- a/docs-xml/manpages/testparm.1.xml
+++ b/docs-xml/manpages/testparm.1.xml
@@ -171,6 +171,15 @@
        errors and warnings if the file did not load. If the file was 
        loaded OK, the program then dumps all known service details 
        to stdout. </para>
+
+       <para>For certain use cases, SMB protocol requires use of
+       cryptographic algorithms which are known to be weak and already
+       broken. DES and ARCFOUR (RC4) ciphers and the SHA1 and MD5 hash
+       algorithms are considered weak but they are required for backward
+       compatibility. The testparm utility shows whether the Samba tools
+       will fall back to these weak crypto algorithms if it is not possible
+       to use strong cryptography by default.
+       In FIPS mode weak crypto cannot be enabled.</para>
 </refsect1>