To be consistent with others including Samba we used "seal" (a long time ago it seems now) to be the mount option to mean "require encryption for this mount" See various references to seal (to mean encrypt) in https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html for example Not sure the etymology here of "seal" but my guess is that its use to mean "encrypt" came from the alternative meaning of "seal" not a large aquatic mammal but instead "apply a nonporous coating to make it impervious." On Sat, Oct 17, 2020 at 12:08 PM Tom Talpey <tom@xxxxxxxxxx> wrote: > > On 10/17/2020 5:03 AM, Steve French wrote: > > There are cases where the server can return a cipher type of 0 and > > it not be an error. For example, if server only supported AES256_CCM > > (very unlikely) or server supported no encryption types or > > It seems me that the simpler statement is that there are > no ciphers supported in common between client and server. > > > had all disabled. In those cases encryption would not be supported, > > but that can be ok if the client did not require encryption on mount. > > > > In the case in which mount requested encryption ("seal" on mount) > > I'm confused. Doesn't "seal" mean signing? > > Tom. > > > then checks later on during tree connection will return the proper > > rc, but if seal was not requested by client, since server is allowed > > to return 0 to indicate no supported cipher, we should not fail mount. > > > > Reported-by: Pavel Shilovsky <pshilov@xxxxxxxxxxxxx> > > Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx> > > > > -- Thanks, Steve
