samba/SOURCES/0131-s3-smbd-Prefer-AES-GCM-over-AES-CCM-with-GnuTLS.patch
2021-10-08 16:37:00 +00:00

42 lines
1.3 KiB
Diff

From 728fe099d044b2890eb98a84c0deb9702bdd9971 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 15 Mar 2019 16:28:12 +0100
Subject: [PATCH 131/187] s3:smbd: Prefer AES-GCM over AES-CCM with GnuTLS
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Adapted to remove Samba AES support
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 2ee1764ca88c882cddcc0a17f7d83950ec709b5d)
---
source3/smbd/smb2_negprot.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index 528d3f8cc74..6e7201b1cd8 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -492,14 +492,10 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
}
}
- /*
- * For now we preferr CCM because our implementation
- * is faster than GCM, see bug #11451.
- */
- if (aes_128_ccm_supported) {
- xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
- } else if (aes_128_gcm_supported) {
+ if (aes_128_gcm_supported) {
xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_GCM;
+ } else if (aes_128_ccm_supported) {
+ xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
}
SSVAL(buf, 0, 1); /* ChiperCount */
--
2.23.0