1/* SPDX-License-Identifier: GPL-2.0 */ 2/* 3 * Define the string that exports the set of kernel-supported 4 * Kerberos enctypes. This list is sent via upcall to gssd, and 5 * is also exposed via the nfsd /proc API. The consumers generally 6 * treat this as an ordered list, where the first item in the list 7 * is the most preferred. 8 */ 9 10#ifndef _LINUX_SUNRPC_GSS_KRB5_ENCTYPES_H 11#define _LINUX_SUNRPC_GSS_KRB5_ENCTYPES_H 12 13#ifdef CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES 14 15/* 16 * NB: This list includes encryption types that were deprecated 17 * by RFC 8429 (DES3_CBC_SHA1 and ARCFOUR_HMAC). 18 * 19 * ENCTYPE_AES256_CTS_HMAC_SHA1_96 20 * ENCTYPE_AES128_CTS_HMAC_SHA1_96 21 * ENCTYPE_DES3_CBC_SHA1 22 * ENCTYPE_ARCFOUR_HMAC 23 */ 24#define KRB5_SUPPORTED_ENCTYPES "18,17,16,23" 25 26#else /* CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES */ 27 28/* 29 * NB: This list includes encryption types that were deprecated 30 * by RFC 8429 and RFC 6649. 31 * 32 * ENCTYPE_AES256_CTS_HMAC_SHA1_96 33 * ENCTYPE_AES128_CTS_HMAC_SHA1_96 34 * ENCTYPE_DES3_CBC_SHA1 35 * ENCTYPE_ARCFOUR_HMAC 36 * ENCTYPE_DES_CBC_MD5 37 * ENCTYPE_DES_CBC_CRC 38 * ENCTYPE_DES_CBC_MD4 39 */ 40#define KRB5_SUPPORTED_ENCTYPES "18,17,16,23,3,1,2" 41 42#endif /* CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES */ 43 44#endif /* _LINUX_SUNRPC_GSS_KRB5_ENCTYPES_H */ 45