|
|
b6b438 |
From 728fe099d044b2890eb98a84c0deb9702bdd9971 Mon Sep 17 00:00:00 2001
|
|
|
b6b438 |
From: Andreas Schneider <asn@samba.org>
|
|
|
b6b438 |
Date: Fri, 15 Mar 2019 16:28:12 +0100
|
|
|
b6b438 |
Subject: [PATCH 131/187] s3:smbd: Prefer AES-GCM over AES-CCM with GnuTLS
|
|
|
b6b438 |
|
|
|
b6b438 |
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
|
b6b438 |
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
b6b438 |
|
|
|
b6b438 |
Adapted to remove Samba AES support
|
|
|
b6b438 |
|
|
|
b6b438 |
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
b6b438 |
(cherry picked from commit 2ee1764ca88c882cddcc0a17f7d83950ec709b5d)
|
|
|
b6b438 |
---
|
|
|
b6b438 |
source3/smbd/smb2_negprot.c | 10 +++-------
|
|
|
b6b438 |
1 file changed, 3 insertions(+), 7 deletions(-)
|
|
|
b6b438 |
|
|
|
b6b438 |
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
|
|
|
b6b438 |
index 528d3f8cc74..6e7201b1cd8 100644
|
|
|
b6b438 |
--- a/source3/smbd/smb2_negprot.c
|
|
|
b6b438 |
+++ b/source3/smbd/smb2_negprot.c
|
|
|
b6b438 |
@@ -492,14 +492,10 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
|
|
|
b6b438 |
}
|
|
|
b6b438 |
}
|
|
|
b6b438 |
|
|
|
b6b438 |
- /*
|
|
|
b6b438 |
- * For now we preferr CCM because our implementation
|
|
|
b6b438 |
- * is faster than GCM, see bug #11451.
|
|
|
b6b438 |
- */
|
|
|
b6b438 |
- if (aes_128_ccm_supported) {
|
|
|
b6b438 |
- xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
|
|
|
b6b438 |
- } else if (aes_128_gcm_supported) {
|
|
|
b6b438 |
+ if (aes_128_gcm_supported) {
|
|
|
b6b438 |
xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_GCM;
|
|
|
b6b438 |
+ } else if (aes_128_ccm_supported) {
|
|
|
b6b438 |
+ xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
|
|
|
b6b438 |
}
|
|
|
b6b438 |
|
|
|
b6b438 |
SSVAL(buf, 0, 1); /* ChiperCount */
|
|
|
b6b438 |
--
|
|
|
b6b438 |
2.23.0
|
|
|
b6b438 |
|