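/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Define the string that exports the set of kernel-supported
 * Kerberos enctypes. This list is sent via upcall to gssd, and
 * is also exposed via the nfsd /proc API. The consumers generally
 * treat this as an ordered list, where the first item in the list
 * is the most preferred.
 *
 * The string is a comma-separated list of decimal Kerberos enctype
 * numbers. Each definition below is preceded by the matching enctype
 * names, listed in the same order as the numbers in the string.
 */

#ifndef _LINUX_SUNRPC_GSS_KRB5_ENCTYPES_H
#define _LINUX_SUNRPC_GSS_KRB5_ENCTYPES_H

#ifdef CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES

/*
 * Restricted list: the single-DES enctypes (3, 1 and 2) are left out.
 *
 * NB: This list includes DES3_CBC_SHA1, which was deprecated by RFC 8429.
 * Setting CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES therefore does not, by
 * itself, remove every deprecated enctype from the advertised set.
 * NOTE(review): where DES3 must not be negotiated, it has to be excluded
 * elsewhere as well (for example in the KDC or krb5 configuration).
 *
 *	18	ENCTYPE_AES256_CTS_HMAC_SHA1_96
 *	17	ENCTYPE_AES128_CTS_HMAC_SHA1_96
 *	16	ENCTYPE_DES3_CBC_SHA1
 */
#define KRB5_SUPPORTED_ENCTYPES "18,17,16"

#else	/* CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES */

/*
 * Full list, used when the option above is not set.
 *
 * NB: This list includes encryption types that were deprecated
 * by RFC 8429 and RFC 6649. The deprecated types come last, so
 * consumers that honour the ordering prefer the AES enctypes.
 *
 *	18	ENCTYPE_AES256_CTS_HMAC_SHA1_96
 *	17	ENCTYPE_AES128_CTS_HMAC_SHA1_96
 *	16	ENCTYPE_DES3_CBC_SHA1
 *	 3	ENCTYPE_DES_CBC_MD5
 *	 1	ENCTYPE_DES_CBC_CRC
 *	 2	ENCTYPE_DES_CBC_MD4
 */
#define KRB5_SUPPORTED_ENCTYPES "18,17,16,3,1,2"

#endif	/* CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES */

#endif	/* _LINUX_SUNRPC_GSS_KRB5_ENCTYPES_H */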