summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSteve French <stfrench@microsoft.com>2021-04-28 07:07:19 +0300
committerSteve French <stfrench@microsoft.com>2021-04-28 07:18:40 +0300
commitfee742b502894c8ed02506fff61d7605934f93cb (patch)
tree9b5cfe7f7c84e217a1b333af78fc8c44328764fa
parenta8a6082d4ae29d98129440c4a5de8e6ea3de0983 (diff)
downloadlinux-fee742b502894c8ed02506fff61d7605934f93cb.tar.xz
smb3.1.1: enable negotiating stronger encryption by default
Now that stronger encryption (gcm256) has been more broadly tested, and confirmed to work with multiple servers (Windows and Azure for example), enable it by default. Although gcm256 is the second choice we offer (after gcm128 which should be faster), this change allows mounts to server which are configured to require the strongest encryption to work (without changing a module load parameter). Signed-off-by: Steve French <stfrench@microsoft.com> Suggested-by: Ronnie Sahlberg <lsahlber@redhat.com> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
-rw-r--r--fs/cifs/cifsfs.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 5f2c139143a7..44fd850f05c1 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -75,7 +75,7 @@ bool enable_oplocks = true;
bool linuxExtEnabled = true;
bool lookupCacheEnabled = true;
bool disable_legacy_dialects; /* false by default */
-bool enable_gcm_256; /* false by default, change when more servers support it */
+bool enable_gcm_256 = true;
bool require_gcm_256; /* false by default */
unsigned int global_secflags = CIFSSEC_DEF;
/* unsigned int ntlmv2_support = 0; */