diff mbox series

smb3.1.1: enable negotiating stronger encryption by default

Message ID CAH2r5muZOD+d-x4ci=z2Ebi3mkyCUBj286aX+u17SQZ-XDpgMg@mail.gmail.com
State New
Headers show
Series smb3.1.1: enable negotiating stronger encryption by default | expand

Commit Message

Steve French April 28, 2021, 4:17 a.m. UTC
Now that stronger encryption (gcm256) has been more broadly
tested, and confirmed to work with multiple servers (Windows
and Azure for example), enable it by default.  Although gcm256 is
the second choice we offer (after gcm128 which should be faster),
this change allows mounts to server which are configured to
require the strongest encryption to work (without changing a module
load parameter).

Signed-off-by: Steve French <stfrench@microsoft.com>
Suggested-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
 fs/cifs/cifsfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

 /* unsigned int ntlmv2_support = 0; */
diff mbox series


diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 4a3867a7cc5b..8a6894577697 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -75,7 +75,7 @@  bool enable_oplocks = true;
 bool linuxExtEnabled = true;
 bool lookupCacheEnabled = true;
 bool disable_legacy_dialects; /* false by default */
-bool enable_gcm_256;  /* false by default, change when more servers
support it */
+bool enable_gcm_256 = true;
 bool require_gcm_256; /* false by default */
 unsigned int global_secflags = CIFSSEC_DEF;