42 lines
1.3 KiB
Diff
42 lines
1.3 KiB
Diff
From 728fe099d044b2890eb98a84c0deb9702bdd9971 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Fri, 15 Mar 2019 16:28:12 +0100
|
|
Subject: [PATCH 131/187] s3:smbd: Prefer AES-GCM over AES-CCM with GnuTLS
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Adapted to remove Samba AES support
|
|
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit 2ee1764ca88c882cddcc0a17f7d83950ec709b5d)
|
|
---
|
|
source3/smbd/smb2_negprot.c | 10 +++-------
|
|
1 file changed, 3 insertions(+), 7 deletions(-)
|
|
|
|
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
|
|
index 528d3f8cc74..6e7201b1cd8 100644
|
|
--- a/source3/smbd/smb2_negprot.c
|
|
+++ b/source3/smbd/smb2_negprot.c
|
|
@@ -492,14 +492,10 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
|
|
}
|
|
}
|
|
|
|
- /*
|
|
- * For now we preferr CCM because our implementation
|
|
- * is faster than GCM, see bug #11451.
|
|
- */
|
|
- if (aes_128_ccm_supported) {
|
|
- xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
|
|
- } else if (aes_128_gcm_supported) {
|
|
+ if (aes_128_gcm_supported) {
|
|
xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_GCM;
|
|
+ } else if (aes_128_ccm_supported) {
|
|
+ xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
|
|
}
|
|
|
|
SSVAL(buf, 0, 1); /* ChiperCount */
|
|
--
|
|
2.23.0
|
|
|