From: Michael Pfeifroth Date: Mon, 20 Apr 2026 10:00:48 +0000 (+0200) Subject: luci-app-snmpd: add strong SNMPv3 crypto options X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=81ce1ad9639eb87dc2fe811e2ae15c7ef2d19531;p=openwrt-luci.git luci-app-snmpd: add strong SNMPv3 crypto options Add SHA-256, SHA-384, SHA-512, SHA-224 authentication and AES-192, AES-256 encryption options to the SNMPv3 user configuration. net-snmp has supported these algorithms for a while, but the LuCI dropdown only offered SHA(-1), MD5, AES(-128) and DES. Modern security standards (e.g. EN 18031 CCK-1) require at least 112-bit security strength, which rules out SHA-1 (80-bit) and DES (56-bit). The default authentication type is changed from SHA to SHA-256. The init script already passes auth_type and privacy_type directly to net-snmp's createUser, so no backend changes are needed. Signed-off-by: Michael Pfeifroth --- diff --git a/applications/luci-app-snmpd/htdocs/luci-static/resources/view/snmpd/snmpd.js b/applications/luci-app-snmpd/htdocs/luci-static/resources/view/snmpd/snmpd.js index 61adfd6fe8..a78953e6ec 100644 --- a/applications/luci-app-snmpd/htdocs/luci-static/resources/view/snmpd/snmpd.js +++ b/applications/luci-app-snmpd/htdocs/luci-static/resources/view/snmpd/snmpd.js @@ -458,10 +458,14 @@ return L.view.extend({ go = g.option(form.ListValue, 'auth_type', _('SNMPv3 authentication type')); go.value('', _('none')); + go.value('SHA-512', _('SHA-512')); + go.value('SHA-384', _('SHA-384')); + go.value('SHA-256', _('SHA-256')); + go.value('SHA-224', _('SHA-224')); go.value('SHA', _('SHA')); go.value('MD5', _('MD5')); go.rmempty = true; - go.default = 'SHA'; + go.default = 'SHA-256'; // SNMPv3 auth pass go = g.option(form.Value, 'auth_pass', @@ -477,6 +481,8 @@ return L.view.extend({ go = g.option(form.ListValue, 'privacy_type', _('SNMPv3 encryption type')); go.value('', _('none')); + go.value('AES-256', _('AES-256')); + go.value('AES-192', _('AES-192')); go.value('AES', _('AES')); go.value('DES', _('DES')); go.rmempty = true;