/* SPDX-License-Identifier: GPL-2.0 */
|
/*
|
* Define the string that exports the set of kernel-supported
|
* Kerberos enctypes. This list is sent via upcall to gssd, and
|
* is also exposed via the nfsd /proc API. The consumers generally
|
* treat this as an ordered list, where the first item in the list
|
* is the most preferred.
|
*/
|
|
#ifndef _LINUX_SUNRPC_GSS_KRB5_ENCTYPES_H
|
#define _LINUX_SUNRPC_GSS_KRB5_ENCTYPES_H
|
|
#ifdef CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES
|
|
/*
|
* NB: This list includes DES3_CBC_SHA1, which was deprecated by RFC 8429.
|
*
|
* ENCTYPE_AES256_CTS_HMAC_SHA1_96
|
* ENCTYPE_AES128_CTS_HMAC_SHA1_96
|
* ENCTYPE_DES3_CBC_SHA1
|
*/
|
#define KRB5_SUPPORTED_ENCTYPES "18,17,16"
|
|
#else /* CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES */
|
|
/*
|
* NB: This list includes encryption types that were deprecated
|
* by RFC 8429 and RFC 6649.
|
*
|
* ENCTYPE_AES256_CTS_HMAC_SHA1_96
|
* ENCTYPE_AES128_CTS_HMAC_SHA1_96
|
* ENCTYPE_DES3_CBC_SHA1
|
* ENCTYPE_DES_CBC_MD5
|
* ENCTYPE_DES_CBC_CRC
|
* ENCTYPE_DES_CBC_MD4
|
*/
|
#define KRB5_SUPPORTED_ENCTYPES "18,17,16,3,1,2"
|
|
#endif /* CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES */
|
|
#endif /* _LINUX_SUNRPC_GSS_KRB5_ENCTYPES_H */
|
