Feature #13914

closed

smbd encrypt_cipher property should list enabled ciphers explicitly

Added by Alexander Stetsenko 11 months ago. Updated 4 months ago.

Status: Closed
Priority: Normal
Category: cifs - CIFS server and client
Start date: 2021-06-29
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags: smb, smf
Gerrit CR:

Description

Currently, we support 2 encryption ciphers: AES-128-CCM and AES-128-GCM. There are 2 corresponding options for the smbd/encrypt_cipher property: aes128-ccm and aes128-gcm. If the aes128-ccm option is chosen, AES-128-CCM is the only allowed cipher. When aes128-gcm is set, both ciphers are enabled. There is no way to disable aes128-ccm.
The latest SMB specification adds 2 other ciphers: AES-256-CCM and AES-256-GCM, and it becomes clearer that we have to change the approach for the encrypt_cipher property. Probably, we should list enabled ciphers explicitly.

The new approach would set up the property this way: smbd/encrypt_cipher="<cipher_1>[,<cipher_k>,<cipher_n>]". If it is not set (empty), then all ciphers would be enabled.
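
The proposed semantics as an added example (not code from illumos or from this issue): a parser for the comma-separated value in which an empty value enables every cipher and an unknown name is rejected rather than ignored. The `aes256-*` property names, the bit values and the function name `parse_encrypt_cipher` are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Bit values are hypothetical. The aes256-* names are assumed by analogy
 * with aes128-*; the issue does not spell them out. */
#define CIPHER_AES128_CCM 0x1u
#define CIPHER_AES128_GCM 0x2u
#define CIPHER_AES256_CCM 0x4u
#define CIPHER_AES256_GCM 0x8u
#define CIPHER_ALL        0xFu

static const struct { const char *name; unsigned bit; } cipher_tab[] = {
	{ "aes128-ccm", CIPHER_AES128_CCM },
	{ "aes128-gcm", CIPHER_AES128_GCM },
	{ "aes256-ccm", CIPHER_AES256_CCM },
	{ "aes256-gcm", CIPHER_AES256_GCM },
};

/*
 * Parse "<cipher_1>[,<cipher_k>,<cipher_n>]" into a bitmask.
 * NULL or empty value: all ciphers enabled, as the issue proposes.
 * Returns 0 on success, -1 on an unknown or empty list element; *mask is
 * left untouched on error so a typo cannot silently change the set.
 */
int
parse_encrypt_cipher(const char *val, unsigned *mask)
{
	unsigned m = 0;
	size_t i, n = sizeof (cipher_tab) / sizeof (cipher_tab[0]);

	if (val == NULL || *val == '\0') {
		*mask = CIPHER_ALL;
		return (0);
	}
	for (;;) {
		size_t len = strcspn(val, ",");	/* length of this element */
		for (i = 0; i < n; i++) {
			if (strlen(cipher_tab[i].name) == len &&
			    strncmp(val, cipher_tab[i].name, len) == 0)
				break;
		}
		if (i == n)
			return (-1);	/* unknown name or empty element */
		m |= cipher_tab[i].bit;
		if (val[len] == '\0')
			break;
		val += len + 1;		/* step past the comma */
	}
	*mask = m;
	return (0);
}
```

With an explicit list, `aes128-gcm` alone yields a GCM-only mask, which the older two-option scheme described above could not express.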


Related issues

Related to illumos gate - Bug #14046: Windows Server 2022 and Windows 11 cannot connect to SMB share (Closed, Andy Fiddaman)
Blocks illumos gate - Feature #14047: Add support for SMB 3.1.1 AES-256 (In Progress, Alexander Stetsenko)