1 /* SPDX-License-Identifier: GPL-2.0 */
3 * Define the string that exports the set of kernel-supported
4 * Kerberos enctypes. This list is sent via upcall to gssd, and
5 * is also exposed via the nfsd /proc API. The consumers generally
6 * treat this as an ordered list, where the first item in the list
7 * is the most preferred.
10 #ifndef _LINUX_SUNRPC_GSS_KRB5_ENCTYPES_H
11 #define _LINUX_SUNRPC_GSS_KRB5_ENCTYPES_H
13 #ifdef CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES
16 * NB: This list includes DES3_CBC_SHA1, which was deprecated by RFC 8429.
18 * ENCTYPE_AES256_CTS_HMAC_SHA1_96
19 * ENCTYPE_AES128_CTS_HMAC_SHA1_96
20 * ENCTYPE_DES3_CBC_SHA1
22 #define KRB5_SUPPORTED_ENCTYPES "18,17,16"
24 #else /* CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES */
27 * NB: This list includes encryption types that were deprecated
28 * by RFC 8429 and RFC 6649.
30 * ENCTYPE_AES256_CTS_HMAC_SHA1_96
31 * ENCTYPE_AES128_CTS_HMAC_SHA1_96
32 * ENCTYPE_DES3_CBC_SHA1
37 #define KRB5_SUPPORTED_ENCTYPES "18,17,16,3,1,2"
39 #endif /* CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES */
41 #endif /* _LINUX_SUNRPC_GSS_KRB5_ENCTYPES_H */