smbd encrypt_cipher property should list enabled ciphers explicitly
Currently, we support 2 encryption ciphers: AES-128-CCM and AES-128-GCM. There are 2 corresponding options for smbd/encrypt_cipher property: aes128-ccm and aes128-gcm. If aes128-ccm option is chosen, AES128-CCM is the only allowed cipher. When aes128-gcm is set, both ciphers are enabled. There is no way to disable aes128-ccm.
Latest SMB specification adds other 2 ciphers: AES-256-CCM and AES-256-GCM, and it becomes more clear that we have to change the approach for encryp_cipher property. Probably, we should list enabled ciphers explicitly.
The new approach would set up the property such way: smbd/encrypt_cipher="<cipher_1>[,<cipher_k>,<cipher_n>]". If it is not set (empty) then all ciphers would be enabled.
Updated by Alexander Stetsenko 3 months ago
- Subject changed from smbd encrypt_cipher property should list explicitly allowed ciphers to smbd encrypt_cipher property should list allowed ciphers explicitly
- Status changed from New to In Progress
- Start date set to 2021-06-29
- % Done changed from 0 to 10