AES256 support for SNMP

Tags: #<Tag:0x00007f3b826291d8> #<Tag:0x00007f3b82628f58>

Please add AES256 support, because some of devices do not support AES128.
Please note that net-snmp gained AES256 (in addition to stronger ciphers) as of version 5.8 (http://www.net-snmp.org/wiki/index.php/Strong_Authentication_or_Encryption)

One device which supports AES256 and DES, but not AES128, is Kyocera Command Center RX (https://www.kyoceradocumentsolutions.com/asia/en/products/software/business-application/command-center-rx.html), which is a management module for many, many Kyocera MFP’s.

I have a similar request. I have manually altered the database to allow for sha-256 to test one of my devices, and it seems to work fine. So my question is, how hard will it be to get this functionality fully supported? Some vendors are dropping any other form of SNMP support (due to them seeing some things as security risks) and will have SNMPv3 with SHA-x as minimum from here on forward.

Hans, I would also like to use aes256, can you share the steps you followed to alter the database to allow sha256 to function, it would be nice to have a workaround that everyone can implement until librenms gets updated.

Hi @Luis_H

I see it is a privacy protocol. Here is a PR I submitted to allow for SHA-x stuff. Unfortunately I did not allow for the privacy protocol stuff. Will hear what the devs say, what I need to do.

1 Like

I have added the AES crypto algorithms now as well. Thanks to @SourceDoctor actually. So you should thank him. We are just waiting for reviewers and input. So if you would help test, that would also be great?