1 /* SPDX-License-Identifier: GPL-2.0 */
3 * Define the string that exports the set of kernel-supported
4 * Kerberos enctypes. This list is sent via upcall to gssd, and
5 * is also exposed via the nfsd /proc API. The consumers generally
6 * treat this as an ordered list, where the first item in the list
7 * is the most preferred.
10 #ifndef _LINUX_SUNRPC_GSS_KRB5_ENCTYPES_H
11 #define _LINUX_SUNRPC_GSS_KRB5_ENCTYPES_H
13 #ifdef CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES
16 * NB: This list includes encryption types that were deprecated
17 * by RFC 8429 (DES3_CBC_SHA1 and ARCFOUR_HMAC).
19 * ENCTYPE_AES256_CTS_HMAC_SHA1_96
20 * ENCTYPE_AES128_CTS_HMAC_SHA1_96
21 * ENCTYPE_DES3_CBC_SHA1
22 * ENCTYPE_ARCFOUR_HMAC
24 #define KRB5_SUPPORTED_ENCTYPES "18,17,16,23"
26 #else /* CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES */
29 * NB: This list includes encryption types that were deprecated
30 * by RFC 8429 and RFC 6649.
32 * ENCTYPE_AES256_CTS_HMAC_SHA1_96
33 * ENCTYPE_AES128_CTS_HMAC_SHA1_96
34 * ENCTYPE_DES3_CBC_SHA1
35 * ENCTYPE_ARCFOUR_HMAC
40 #define KRB5_SUPPORTED_ENCTYPES "18,17,16,23,3,1,2"
42 #endif /* CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES */
44 #endif /* _LINUX_SUNRPC_GSS_KRB5_ENCTYPES_H */