It's time to require SMB signing by default
for historical reasons (compatibility with old clients)
our default setting for smb signing is "enabled".
It's time to change the default to "required".
An admin with ancient clients can always change it back to "enabled".
Note that SMB signing can have a significant performance impact. Administrators may want to change the "SMB signing" setting to "enabled" (as it was in earlier releases) if performance is greater concern than defense against "man in the middle" attacks.
Updated by Electric Monk about 2 months ago
- Status changed from In Progress to Closed
- % Done changed from 0 to 100
commit 58f3189518d9e749f916c2666f0d2914e1fac538 Author: Gordon Ross <firstname.lastname@example.org> Date: 2019-08-22T21:44:31.000Z 11033 It's time to require SMB signing by default Reviewed by: Yuri Pankov <email@example.com> Reviewed by: Roman Strashkin <firstname.lastname@example.org> Reviewed by: Garrett D'Amore <email@example.com> Approved by: Garrett D'Amore <firstname.lastname@example.org>