Project

General

Profile

Actions

Bug #13929

closed

SMB encryption does not work with macOS 11.4

Added by Andrew Stormont 4 months ago. Updated 4 months ago.

Status:
Closed
Priority:
Normal
Category:
cifs - CIFS server and client
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

Mac OS 11.4 introduced support for SMB 3.11 on the client side and with this SMB encryption is now broken again. The problem arises from our implementation forcing GCM when SMB 3.11 is in use, but Mac OS only supports CCM.


Related issues

Related to illumos gate - Bug #13722: Enabling SMB3 encryption breaks macOS Big Sur clientsClosedAndrew Stormont

Actions
Actions #1

Updated by Andrew Stormont 4 months ago

  • Related to Bug #13722: Enabling SMB3 encryption breaks macOS Big Sur clients added
Actions #2

Updated by Electric Monk 4 months ago

  • Gerrit CR set to 1590
Actions #3

Updated by Andrew Stormont 4 months ago

  • Description updated (diff)
Actions #4

Updated by Andrew Stormont 4 months ago

I have a fix our for review here: https://code.illumos.org/c/illumos-gate/+/1590

Testing: I ran a build of illumos with this fix applied in VMware Fusion and was able to connect to it from the host, which is a Mac Pro running macOS Big Sur 11.4. I copied some files to a share and used Wireshark to confirm that the traffic was encrypted. Before the connection dialog would just hang and rebooting the illumos VM or rebooting the host was the only way to unblock it.

Actions #5

Updated by Electric Monk 4 months ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit b3d11974d0ef0679e47da102fafb125bb1d94470

commit  b3d11974d0ef0679e47da102fafb125bb1d94470
Author: Andrew Stormont <astormont@racktopsystems.com>
Date:   2021-07-06T20:38:20.000Z

    13929 SMB encryption does not work with macOS 11.4
    Reviewed by: Alexander Stetsenko <alex.stetsenko@gmail.com>
    Reviewed by: Andy Fiddaman <andy@omnios.org>
    Reviewed by: Gordon Ross <Gordon.W.Ross@gmail.com>
    Reviewed by: Matt Barden <mbarden@tintri.com>
    Approved by: Garrett D'Amore <garrett@damore.org>

Actions

Also available in: Atom PDF